[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[stalk:00889] WEB-IIS multiple decode attempt
- To: security-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: [stalk:00889] WEB-IIS multiple decode attempt
- From: Minoru Hagiyama <hagiyama@xxxxxxxxxx>
- Date: Tue, 18 Sep 2001 23:36:53 +0900
はぎやまです。
Tue Sep 18 22:13:44 2001 頃から Tue Sep 18 23:13:20 2001 まで
の間に、5つのホストから WEB-IIS multiple decode attempt を受け
ています。
例えば
[Tue Sep 18 23:13:01 2001] [error] [client 61.xx.xx.xxx] File does not exist: /h
ome/httpd/html/scripts/root.exe
[Tue Sep 18 23:13:02 2001] [error] [client 61.xx.xx.xxx] File does not exist: /h
ome/httpd/html/MSADC/root.exe
[Tue Sep 18 23:13:05 2001] [error] [client 61.xx.xx.xxx] File does not exist: /h
ome/httpd/html/c/winnt/system32/cmd.exe
[Tue Sep 18 23:13:06 2001] [error] [client 61.xx.xx.xxx] File does not exist: /h
ome/httpd/html/d/winnt/system32/cmd.exe
[Tue Sep 18 23:13:06 2001] [error] [client 61.xx.xx.xxx] File does not exist: /h
ome/httpd/html/scripts/..%5c../winnt/system32/cmd.exe
[Tue Sep 18 23:13:13 2001] [error] [client 61.xx.xx.xxx] File does not exist: /h
ome/httpd/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Tue Sep 18 23:13:13 2001] [error] [client 61.xx.xx.xxx] File does not exist: /h
ome/httpd/html/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Tue Sep 18 23:13:14 2001] [error] [client 61.xx.xx.xxx] File does not exist: /h
ome/httpd/html/msadc/..%5c../..%5c../..%5c/..<C1>^\../..<C1>^\../..<C1>^\../winn
t/system32/cmd.exe
こんな感じです。
未だ詳細については調査中ですが、どのホストも同じような攻撃コード
を送っているようです。
--
萩 山 実
hagiyama@xxxxxxxxxx
http://www.arsp.ne.jp/gw2/
--
- このメイリングリストに関する質問・問い合せ等は
- <security-talk@xxxxxxxxxx>までお知らせください
--
------------------------------------------------------------------------
ニュース速報! はインフォシークで!!
http://www.infoseek.co.jp/Home?pg=Home.html&svx=971122