From: Scott Christopher Dodson
To: Jesse Geddis
Cc: Jarrod Sayers, FreeBSD-STABLE
Date: Mon, 25 Mar 2002 13:28:00 -0500 (EST)
Subject: RE: attempted exploits

If you look at the majority of the recent problems with worms all but the
latest had patches available for 6 months or more prior to major outbreaks.
Don't let the facts get in the way of your opinions...

--
scott

On Mon, 25 Mar 2002, Jesse Geddis wrote:

> wow, this is nuts. getting it from 5 hosts on the same B now lol.
> seems to propagate quite well. I read through the CERT advisory. seems
> like a well written worm with many points of access. certainly fills
> my log files. I feel sorry for all the NT users who have to deal with
> MS timetable for patches lol
>
> -----Original Message-----
> From: owner-freebsd-stable@FreeBSD.ORG
> [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Jarrod Sayers
> Sent: Sunday, March 24, 2002 9:58 PM
> To: 'sgeine@yahoo.com'; FreeBSD-STABLE
> Subject: RE: attempted exploits
>
> Welcome back Nimda! We have noticed a sharp rise in the number of attacks
> starting over the weekend here.
>
> Jarrod Sayers
> Information Technology Services Unit
> University of South Australia, Magill Campus.
> Phone: +61 8 8302 4809
> http://people.unisa.edu.au/jarrod.sayers
>
> > -----Original Message-----
> > From: Jesse Geddis [mailto:sgeine@yahoo.com]
> > Sent: Monday, 25 March 2002 4:23 PM
> > To: FreeBSD-STABLE
> > Subject: attempted exploits
> >
> > wow, this person is quite effective. they've been trying this since
> > this morning 4mins after i got my web server up. been doing it every
> > half hour for 7 hours lol. trying to execute arbitrary Windows code on
> > a FreeBSD server!
> >
> > [Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C1../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C0=AF../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C1../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/root.exe
> > [Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/MSADC/root.exe
> > [Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/c/winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/d/winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/msadc/..%5c../..%5c../..%5c/..=C1../..=C1../..=C1../winnt/system32/cmd.exe
> >
> > Jesse Geddis
> >
> > "My fellow Americans, I've signed legislation that will outlaw Russia
> > forever. We begin bombing in five minutes."
> > --Ronald Reagan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
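
An added example, not part of the original thread: a small triage script that groups "File does not exist" entries like the ones quoted above by client and labels them with the probe patterns visible in those paths. The document root, client addresses, sample lines and the `threshold` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache error_log entry for a missing file, in the format quoted in the thread.
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)

# Signatures taken from the paths visible in the quoted log lines.
SIGNATURES = {
    "cmd.exe": re.compile(r"/winnt/system32/cmd\.exe$", re.I),
    "root.exe": re.compile(r"/(scripts|msadc)/root\.exe$", re.I),
    "encoded-backslash": re.compile(r"\.\.%5c", re.I),
    # Bytes 0xC0/0xC1 never occur in valid UTF-8; after ".." they indicate
    # an overlong-encoded path separator. Read the log as latin-1 so the
    # raw bytes survive as single characters.
    "overlong-utf8": re.compile(r"\.\.[\xc0\xc1]"),
}

def classify(path):
    """Return the sorted names of all signatures the path matches."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(path))

def summarise(lines, threshold=3):
    """Map each client with >= threshold matching entries to its hit count
    and the set of signatures seen."""
    per_client = defaultdict(lambda: {"hits": 0, "signatures": set()})
    for line in lines:
        m = ENTRY.match(line.rstrip("\n"))
        sigs = classify(m.group("path")) if m else []
        if sigs:
            per_client[m.group("client")]["hits"] += 1
            per_client[m.group("client")]["signatures"].update(sigs)
    return {c: v for c, v in per_client.items() if v["hits"] >= threshold}

# Constructed sample lines (documentation addresses, hypothetical docroot).
PFX = "[Sun Mar 24 21:13:11 2002] [error] [client %s] File does not exist: /usr/local/www/data"
SAMPLE = [
    PFX % "192.0.2.10" + "/scripts/..\xc1../winnt/system32/cmd.exe",
    PFX % "192.0.2.10" + "/scripts/..%5c../winnt/system32/cmd.exe",
    PFX % "192.0.2.10" + "/scripts/root.exe",
    PFX % "192.0.2.10" + "/c/winnt/system32/cmd.exe",
    PFX % "198.51.100.7" + "/favicon.ico",  # ordinary 404, not a probe
]

if __name__ == "__main__":
    for client, info in summarise(SAMPLE).items():
        print(client, info["hits"], sorted(info["signatures"]))
```

On a real server, open the log with `encoding="latin-1"` and pass the file object to `summarise`.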