Date: Mon, 25 Mar 2002 10:24:08 -0800 From: "Jesse Geddis" <sgeine@yahoo.com> To: "Jarrod Sayers" <Jarrod.Sayers@unisa.edu.au>, "FreeBSD-STABLE" <freebsd-stable@freebsd.org> Subject: RE: attempted exploits Message-ID: <NGBBKILMGLGEDIHMGJANMELGCBAA.sgeine@yahoo.com> In-Reply-To: <E1962E8F1DF0D411878300A0C9ACB0F9022ABD3E@exstaff4.magill.unisa.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
wow, this is nuts. getting it from 5 hosts on the same B now lol. seems to propagate quite well. I read through the CERT advisory. seems like a well written worm with many points of access. certainly fills my log files. I feel sorry for all the NT users who have to deal with MS timetable for patches lol -----Original Message----- From: owner-freebsd-stable@FreeBSD.ORG [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Jarrod Sayers Sent: Sunday, March 24, 2002 9:58 PM To: 'sgeine@yahoo.com'; FreeBSD-STABLE Subject: RE: attempted exploits Welcome back Nimda! We have noticed a sharp rise in the number of attacks starting over the weekend here. Jarrod Sayers Information Technology Services Unit University of South Australia, Magill Campus. Phone: +61 8 8302 4809 http://people.unisa.edu.au/jarrod.sayers > -----Original Message----- > From: Jesse Geddis [mailto:sgeine@yahoo.com] > Sent: Monday, 25 March 2002 4:23 PM > To: FreeBSD-STABLE > Subject: attempted exploits > > > wow, this person is quite effective. they've been trying this since > this morning 4mins after i got my web server up. been doing it every > half hour for 7 hours lol. trying to execute arbitrary Windows code on > a FreeBSD server! > > [Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe > [Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..À¯../winnt/system32/cmd.exe > [Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe > [Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe > [Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/root.exe > [Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/MSADC/root.exe > [Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/c/winnt/system32/cmd.exe > [Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/d/winnt/system32/cmd.exe > [Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does > not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe > [Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does > not exist: > /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.e > xe > [Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does > not exist: > /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.e > xe > [Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does > not exist: > /archive/www/cia/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/s > ystem32 > /cmd.exe > > Jesse Geddis > > > > "My fellow Americans, I've signed legislation that will outlaw Russia > forever. We begin bombing in five minutes." > --Ronald Reagan > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NGBBKILMGLGEDIHMGJANMELGCBAA.sgeine>