Date:      Mon, 25 Mar 2002 13:22:22 -0500
From:      Mike Tancsa <mike@sentex.net>
To:        sgeine@yahoo.com, freebsd-stable@FreeBSD.ORG
Subject:   RE: attempted exploits
Message-ID:  <5.1.0.14.0.20020325132039.0240a4b0@marble.sentex.ca>
In-Reply-To: <NGBBKILMGLGEDIHMGJANMELGCBAA.sgeine@yahoo.com>
References:  <E1962E8F1DF0D411878300A0C9ACB0F9022ABD3E@exstaff4.magill.unisa.edu.au>


There are / were patches to NIMDA/Code Red etc for some time *before* the
first appearance of the worm...

         ---Mike

At 10:24 AM 3/25/02 -0800, Jesse Geddis wrote:
>my log files. I feel sorry for all the NT users who have to deal with
>MS timetable for patches lol
>
>-----Original Message-----
>From: owner-freebsd-stable@FreeBSD.ORG
>[mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Jarrod Sayers
>Sent: Sunday, March 24, 2002 9:58 PM
>To: 'sgeine@yahoo.com'; FreeBSD-STABLE
>Subject: RE: attempted exploits
>
>
>Welcome back Nimda!  We have noticed a sharp rise in the number of attacks
>starting over the weekend here.
>
>Jarrod Sayers
>Information Technology Services Unit
>University of South Australia, Magill Campus.
>Phone: +61 8 8302 4809
>http://people.unisa.edu.au/jarrod.sayers
>
>
> > -----Original Message-----
> > From: Jesse Geddis [mailto:sgeine@yahoo.com]
> > Sent: Monday, 25 March 2002 4:23 PM
> > To: FreeBSD-STABLE
> > Subject: attempted exploits
> >
> >
> > wow, this person is quite effective. they've been trying this since
> > this morning 4mins after i got my web server up. been doing it every
> > half hour for 7 hours lol. trying to execute arbitrary Windows code on
> > a FreeBSD server!
> >
> > [Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C1../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C0=AF../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C1../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/root.exe
> > [Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/MSADC/root.exe
> > [Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/c/winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/d/winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/msadc/..%5c../..%5c../..%5c/..=C1../..=C1../..=C1../winnt/system32/cmd.exe
> >
> > Jesse Geddis
> >
> >
> >
> > "My fellow Americans, I've signed legislation that will outlaw Russia
> > forever. We begin bombing in five minutes."
> > --Ronald Reagan
> >
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
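
As an added example (not part of the original thread), a small Python triage script that groups "File does not exist" entries like those quoted above by client and tags the Windows/IIS-only probe patterns in the requested path. The sample lines, the 192.0.2.x addresses, the `/www` paths, the signature names and the `min_hits` threshold are constructed for illustration; it assumes the Apache error_log line format shown in the thread, with non-ASCII bytes written as `\x` escapes, `%` escapes, or the `=C0`/`=C1` form the mail archive shows.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modelled on the thread (documentation addresses).
SAMPLE = r"""
[Sun Mar 24 20:42:05 2002] [error] [client 192.0.2.10] File does not exist: /www/scripts/..\xc0\xaf../winnt/system32/cmd.exe
[Sun Mar 24 20:42:29 2002] [error] [client 192.0.2.10] File does not exist: /www/scripts/..%5c../winnt/system32/cmd.exe
[Sun Mar 24 21:13:11 2002] [error] [client 192.0.2.10] File does not exist: /www/scripts/root.exe
[Sun Mar 24 21:13:13 2002] [error] [client 192.0.2.10] File does not exist: /www/c/winnt/system32/cmd.exe
[Sun Mar 24 21:20:00 2002] [error] [client 192.0.2.77] File does not exist: /www/favicon.ico
""".strip().splitlines()

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                  r"File does not exist: (?P<path>.+)$")

# Signature names are illustrative labels, not an official taxonomy.
SIGNATURES = [
    # 0xC0/0xC1 lead bytes only occur in overlong (invalid) UTF-8 sequences.
    ("overlong-utf8-traversal", re.compile(r"\.\.(?:%c[01]|=c[01]|\\xc[01])", re.I)),
    ("encoded-backslash-traversal", re.compile(r"\.\.%5c", re.I)),
    ("root.exe-probe", re.compile(r"/root\.exe$", re.I)),
    ("drive-root-probe", re.compile(r"/[cd]/winnt/", re.I)),
    ("cmd.exe-target", re.compile(r"/winnt/system32/cmd\.exe$", re.I)),
]

def classify(path):
    """Return the names of all signatures that match a requested path."""
    return [name for name, rx in SIGNATURES if rx.search(path)]

def summarize(lines, min_hits=3):
    """Group matching probes by client; keep clients with >= min_hits probes."""
    per = defaultdict(lambda: {"hits": 0, "sigs": set(), "first": None, "last": None})
    for line in lines:
        m = LINE.match(line)
        sigs = classify(m["path"]) if m else []
        if not sigs:
            continue  # unparsable line or an ordinary 404
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        e = per[m["ip"]]
        e["hits"] += 1
        e["sigs"].update(sigs)
        e["first"] = ts if e["first"] is None else min(e["first"], ts)
        e["last"] = ts if e["last"] is None else max(e["last"], ts)
    return {ip: e for ip, e in per.items() if e["hits"] >= min_hits}

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE).items():
        print(ip, e["hits"], sorted(e["sigs"]), e["first"], e["last"])
```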



