Date: Tue, 2 Feb 1999 12:45:35 +0100 (CET)
From: Chris Larsen
To: Dan Langille
cc: freebsd-security@FreeBSD.ORG
Subject: Re: what were these probes?
In-Reply-To: <19990202055804.YRQY682101.mta1-rme@wocker>

On Tue, 2 Feb 1999, Dan Langille wrote:

> ns.cvvm.com - - [02/Feb/1999:17:34:28 +1300] "GET /cgi-bin/phf HTTP/1.0" 404 164
> ns.cvvm.com - - [02/Feb/1999:17:34:29 +1300] "GET /cgi-bin/Count.cgi HTTP/1.0" 404 170
> ns.cvvm.com - - [02/Feb/1999:17:34:30 +1300] "GET /cgi-bin/test-cgi HTTP/1.0" 404 169
> ns.cvvm.com - - [02/Feb/1999:17:34:31 +1300] "GET /cgi-bin/php.cgi HTTP/1.0" 404 168
> ns.cvvm.com - - [02/Feb/1999:17:34:32 +1300] "GET /cgi-bin/handler HTTP/1.0" 404 168
> ns.cvvm.com - - [02/Feb/1999:17:34:33 +1300] "GET /cgi-bin/webgais HTTP/1.0" 404 168
> ns.cvvm.com - - [02/Feb/1999:17:34:34 +1300] "GET /cgi-bin/websendmail HTTP/1.0" 404 172
> ns.cvvm.com - - [02/Feb/1999:17:34:34 +1300] "GET /cgi-bin/webdist.cgi HTTP/1.0" 404 172
> ns.cvvm.com - - [02/Feb/1999:17:34:38 +1300] "GET /cgi-bin/faxsurvey HTTP/1.0" 404 170
> ns.cvvm.com - - [02/Feb/1999:17:34:39 +1300] "GET /cgi-bin/htmlscript HTTP/1.0" 404 171
> ns.cvvm.com - - [02/Feb/1999:17:34:40 +1300] "GET /cgi-bin/pfdisplay.cgi HTTP/1.0" 404 174
> ns.cvvm.com - - [02/Feb/1999:17:34:41 +1300] "GET /cgi-bin/perl.exe HTTP/1.0" 404 169
> ns.cvvm.com - - [02/Feb/1999:17:34:43 +1300] "GET /cgi-bin/wwwboard.pl HTTP/1.0" 404 172
> ns.cvvm.com - - [02/Feb/1999:17:34:47 +1300] "GET /cgi-bin/ews/ews/architext_query.pl HTTP/1.0" 404 187
> ns.cvvm.com - - [02/Feb/1999:17:34:48 +1300] "GET /cgi-bin/jj HTTP/1.0" 404 163
>
>
> telnet:
>
> Feb 2 17:34:20 ns telnetd[29665]: refused connect from ns.cvvm.com
> Feb 2 17:34:20 ns telnetd[29667]: refused connect from ns.cvvm.com
>
> sendmail:
>
> Feb 2 17:34:25 ns sendmail[29666]: NOQUEUE: Null connection from root@ns.cvvm.com [139.142.106.131]
> Feb 2 17:34:51 ns sendmail[29668]: NOQUEUE: Null connection from root@ns.cvvm.com [139.142.106.131]
>

A little script kid that fell over cgichk.c ??
It's a distinct fingerprint from that program at least.

For more information check www.rootshell.com:

http://www.rootshell.com/beta/view.cgi?199812

darth@vader.dk  | Internet Café : Babel
vader@babel.dk  | Frederiksborggade 33
Chris Larsen    | Phone # +45 33 33 93 38
System Manager  | Open: 14-23 Mon - Sat
PGP-key id: 0x137993A5
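
Added example, not part of the original message and not taken from cgichk.c: a sweep like the one quoted above can be flagged from the access log by counting the distinct /cgi-bin/ paths that returned 404 to a single host within a short window. The function name find_cgi_sweeps, the thresholds (5 paths, 60 seconds) and the client.example.net lines are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')

# First six access-log entries quoted in the message above, followed by two
# constructed lines from a hypothetical ordinary client (client.example.net).
SAMPLE = """\
ns.cvvm.com - - [02/Feb/1999:17:34:28 +1300] "GET /cgi-bin/phf HTTP/1.0" 404 164
ns.cvvm.com - - [02/Feb/1999:17:34:29 +1300] "GET /cgi-bin/Count.cgi HTTP/1.0" 404 170
ns.cvvm.com - - [02/Feb/1999:17:34:30 +1300] "GET /cgi-bin/test-cgi HTTP/1.0" 404 169
ns.cvvm.com - - [02/Feb/1999:17:34:31 +1300] "GET /cgi-bin/php.cgi HTTP/1.0" 404 168
ns.cvvm.com - - [02/Feb/1999:17:34:32 +1300] "GET /cgi-bin/handler HTTP/1.0" 404 168
ns.cvvm.com - - [02/Feb/1999:17:34:33 +1300] "GET /cgi-bin/webgais HTTP/1.0" 404 168
client.example.net - - [02/Feb/1999:17:35:02 +1300] "GET /index.html HTTP/1.0" 200 2048
client.example.net - - [02/Feb/1999:17:35:10 +1300] "GET /cgi-bin/search HTTP/1.0" 404 168
"""

def find_cgi_sweeps(lines, min_paths=5, window=timedelta(seconds=60)):
    """Return {host: sorted paths} for hosts that received 404 on at least
    min_paths distinct /cgi-bin/ paths inside one sliding time window."""
    misses = defaultdict(list)  # host -> [(time, path)]
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # skip anything that is not a well-formed CLF entry
        host, ts, path, status = m.groups()
        if status == "404" and path.startswith("/cgi-bin/"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            misses[host].append((when, path))
    flagged = {}
    for host, events in misses.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop misses that fell out of the window
            paths = {p for _, p in events[start:end + 1]}
            if len(paths) > len(best):
                best = paths
        if len(best) >= min_paths:
            flagged[host] = sorted(best)
    return flagged

if __name__ == "__main__":
    for host, paths in find_cgi_sweeps(SAMPLE.splitlines()).items():
        print(f"{host}: {len(paths)} distinct missing CGI paths: {', '.join(paths)}")
```

A single mistyped CGI URL from an ordinary client stays below the threshold; only the one-host burst across many script names is reported.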