From owner-freebsd-stable Sun Mar 24 21:58:29 2002 Delivered-To: freebsd-stable@freebsd.org Received: from exstaff9.city.unisa.edu.au (exstaff9.city.unisa.edu.au [130.220.84.77]) by hub.freebsd.org (Postfix) with ESMTP id 81A9B37B419 for ; Sun, 24 Mar 2002 21:58:14 -0800 (PST) Received: by exstaff9.city.unisa.edu.au with Internet Mail Service (5.5.2655.55) id ; Mon, 25 Mar 2002 16:28:12 +1030 Message-ID: From: Jarrod Sayers To: "'sgeine@yahoo.com'" , FreeBSD-STABLE Subject: RE: attempted exploits Date: Mon, 25 Mar 2002 16:28:05 +1030 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Welcome back Nimda! We have noticed a sharp rise in the number of = attacks starting over the weekend here. Jarrod Sayers=20 Information Technology Services Unit=20 University of South Australia, Magill Campus.=20 Phone: +61 8 8302 4809=20 http://people.unisa.edu.au/jarrod.sayers=20 > -----Original Message----- > From: Jesse Geddis [mailto:sgeine@yahoo.com] > Sent: Monday, 25 March 2002 4:23 PM > To: FreeBSD-STABLE > Subject: attempted exploits >=20 >=20 > wow, this person is quite effective. they've been trying this since > this morning 4mins after i got my web server up. been doing it every > half hour for 7 hours lol. trying to execute arbitrary Windows code = on > a FreeBSD server! >=20 > [Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..=C1../winnt/system32/cmd.exe > [Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..=C0=AF../winnt/system32/cmd.exe > [Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..=C1../winnt/system32/cmd.exe > [Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe > [Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/root.exe > [Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/MSADC/root.exe > [Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/c/winnt/system32/cmd.exe > [Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/d/winnt/system32/cmd.exe > [Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe > [Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does > not exist: > = /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.e > xe > [Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does > not exist: > = /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.e > xe > [Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does > not exist: > = /archive/www/cia/msadc/..%5c../..%5c../..%5c/..=C1../..=C1../..=C1../win= nt/s > ystem32 > /cmd.exe >=20 > Jesse Geddis >=20 >=20 >=20 > "My fellow Americans, I've signed legislation that will outlaw Russia > forever. We begin bombing in five minutes." > --Ronald Reagan >=20 >=20 > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message >=20 >=20 >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message