Security Basics mailing list archives
RE: Suspicious IIS Log entry
From: "Paul Kurczaba" <paul () myipis com>
Date: Tue, 9 Sep 2003 16:10:57 -0400
The first entry is the Code Red II Worm: http://www.cert.org/incident_notes/IN-2001-09.html http://www.microsoft.com/technet/treeview/default.asp?url=/technet/securit y/virus/newred.asp The second entry is the Nimda Worm: http://www.cert.org/advisories/CA-2001-26.html http://www.microsoft.com/technet/treeview/default.asp?url=/technet/securit y/virus/nimda.asp -Paul Kurczaba -----Original Message----- From: Toby Schau [mailto:Toby.Schau () iacudiv state ia us] Sent: Tuesday, September 09, 2003 12:43 PM To: 'Security-Basics () Securityfocus com' Subject: Suspicious IIS Log entry I found the following suspicious entries in my IIS log files. Does anyone recognize the specific vulnerabilities that are attempted to be exploited? [ex030809.log (20)] : 2003-08-09 05:14:10 xxx.xx.xx.xx- xx.xx.xx.xx 80 GET /default.ida XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u 90 90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090 %u 9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 404 - [ex030908.log (201)] : 2003-09-08 06:31:02 xx.xxxxx.xxx - xxx.xx.xxx.xx 80 GET /<Rejected-By-UrlScan> ~/scripts/..%255c%255c../winnt/system32/cmd.exe 404 - Thanks -------------------------------------------------------------------------- - Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm -------------------------------------------------------------------------- --
Attachment:
smime.p7s
Description:
Current thread:
- Suspicious IIS Log entry Toby Schau (Sep 09)
- RE: Suspicious IIS Log entry Michael Moeller (Sep 09)
- Re: Suspicious IIS Log entry Tomasz Onyszko (Sep 09)
- Re: Suspicious IIS Log entry Flhex (Sep 09)
- RE: Suspicious IIS Log entry Paul Kurczaba (Sep 09)
- Re: Suspicious IIS Log entry Sean Earp (Sep 09)
- RE: Suspicious IIS Log entry Joey Peloquin (Sep 09)
- RE: Suspicious IIS Log entry Byron Copeland (Sep 10)
- Re: Suspicious IIS Log entry Tomas Wolf (Sep 10)