[Dshield] GET /invalidfilename.htm???

Paul Marsh pmarsh at nmefdn.org
Tue Jul 2 12:52:02 GMT 2002


Has anyone else seen the following in there logs?  Sorry for the lengthy log
snippet but it's two attacks.

TIA, Paul

2002-07-01 14:58:07 217.82.44.2 - GET /invalidfilename.htm - 404 604 59 0 80
- - -
2002-07-01 14:58:07 217.82.44.2 - GET /invalidfilename.cgi - 404 604 59 0 80
- - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/auktion.pl 404 604 58 15 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/simplestguest.cgi 404 604 65 47 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /msadc/msadcs.dll - 404 604 56 0 80 -
- -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/script/tools/newdsn.exe 404 604 63 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-winuploader.exe 404 604 59 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/imagemap.exe 404 604 60 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/shop.cgi 404 604 56 16 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/textcounter.pl 404 604 62 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/iisadmin/ism.dll 404 604 64 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/samples/ctguestb.idc 404 604 68 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/perl.exe 404 604 56 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /msadc/samples/ - 404 604 54 0 80 - -
-
2002-07-01 14:58:50 217.82.44.2 - GET /msadc/Samples/SELECTOR/showcode.asp -
404 604 75 16 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/..%c0%af../..%c0%af../sensepost.exe 404 604 82 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /etc/passwd - 404 604 83 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/default.asp%20.pl 404 604 65 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/fpcount.exe 404 604 59 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /iisadmpwd/ - 404 604 50 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /_vti_pvt/users.pwd - 404 604 58 0 80
- - -
2002-07-01 14:58:50 217.82.44.2 - GET /graphics/sml3com - 404 604 56 0 80 -
- -
2002-07-01 14:58:50 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/..%255c..%255c/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.ex
e 404 604 126 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /index.php
|=../../../../../../../../etc/passwd 404 604 87 0 80 - - -
2002-07-01 14:58:50 217.82.44.2 - GET /index.php
|=forum/view.php&topic=../../../../../../../etc/passwd 404 604 104 0 80 - -
-
2002-07-01 14:58:51 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/..%c0%af../..%c0%af../cmd1.exe 404 604 77 0 80 - - -
2002-07-01 14:58:51 217.82.44.2 - GET /<Rejected-By-UrlScan> ~/C:/temp/\../
404 604 52 0 80 - - -
2002-07-01 14:58:51 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe 404 604 111 0
80 - - -
2002-07-01 14:58:51 217.82.44.2 - GET /index.php
l=../../../../../../../../etc/passwd 404 604 86 16 80 - - -
2002-07-01 14:58:51 217.82.44.2 - GET /index.php
l=forum/view.php&topic=../../../../../../../etc/passwd 404 604 104 0 80 - -
-
2002-07-01 14:58:51 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/..%c0%af../..%c0%af../cmd.exe 404 604 76 0 80 - - -
2002-07-01 14:58:52 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/..\..\..\..\..\autoexec.bat 404 604 67 0 80 - - -
2002-07-01 14:58:52 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/iisadmpwd/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe 404 604 109
0 80 - - -
2002-07-01 14:58:53 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/iisadmpwd/sensepost.exe 404 604 70 15 80 - - -
2002-07-01 14:58:53 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/..\..\..\boot.ini 404 604 57 16 80 - - -
2002-07-01 14:58:53 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/_vti_bin/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe 404 604 108
0 80 - - -
2002-07-01 14:58:53 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/iisadmpwd/cmd1.exe 404 604 65 0 80 - - -
2002-07-01 14:58:53 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/../../../boot.ini 404 604 57 0 80 - - -
2002-07-01 14:58:53 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/msadc/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe 404 604 105 0
80 - - -
2002-07-01 14:58:55 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/iisadmpwd/cmd.exe 404 604 64 16 80 - - -
2002-07-01 14:58:55 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/..%255c..%255cwinnt/system32/cmd.exe 404 604 95 0 80 - - -
2002-07-01 14:58:56 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/samples/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 14:58:56 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/samples/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 14:58:59 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/samples/cmd.exe 404 604 62 0 80 - - -
2002-07-01 14:58:59 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 14:59:01 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 14:59:01 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/cgi-bin/cmd.exe 404 604 62 0 80 - - -
2002-07-01 14:59:02 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/vti_cnf/sensepost.exe 404 604 68 16 80 - - -
2002-07-01 14:59:06 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/vti_cnf/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 14:59:06 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/vti_cnf/cmd.exe 404 604 62 0 80 - - -
2002-07-01 14:59:07 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/vti_bin/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 14:59:07 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/vti_bin/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 14:59:09 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/vti_bin/cmd.exe 404 604 62 0 80 - - -
2002-07-01 14:59:09 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/msadc/sensepost.exe 404 604 66 0 80 - - -
2002-07-01 14:59:10 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/msadc/cmd1.exe 404 604 61 0 80 - - -
2002-07-01 14:59:14 217.82.44.2 - GET /<Rejected-By-UrlScan> ~/msadc/cmd.exe
404 604 60 0 80 - - -
2002-07-01 14:59:14 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 14:59:16 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 14:59:16 217.82.44.2 - GET /<Rejected-By-UrlScan>
~/scripts/cmd.exe 404 604 62 16 80 - - -
2002-07-01 14:59:17 217.82.44.2 - GET /<Rejected-By-UrlScan> ~/sensepost.exe
404 604 60 0 80 - - -
2002-07-01 14:59:18 217.82.44.2 - GET /<Rejected-By-UrlScan> ~/cmd1.exe 404
604 55 0 80 - - -
2002-07-01 14:59:18 217.82.44.2 - GET /<Rejected-By-UrlScan> ~/cmd.exe 404
604 54 0 80 - - -


2002-07-01 17:38:03 80.129.106.43 - GET /index.asp - 200 21849 40 703 80 - -
-
2002-07-01 17:38:34 80.129.106.43 - GET /invalidfilename.htm - 404 604 59 0
80 - - -
2002-07-01 17:38:34 80.129.106.43 - GET /invalidfilename.cgi - 404 604 59 0
80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/auktion.pl 404 604 58 16 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/imagemap.exe 404 604 60 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/shop.cgi 404 604 56 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/textcounter.pl 404 604 62 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-winuploader.exe 404 604 59 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/iisadmin/ism.dll 404 604 64 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/samples/ctguestb.idc 404 604 68 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /msadc/msadcs.dll - 404 604 56 0 80
- - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/simplestguest.cgi 404 604 65 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/script/tools/newdsn.exe 404 604 63 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/perl.exe 404 604 56 16 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /msadc/samples/ - 404 604 54 0 80 -
- -
2002-07-01 17:39:17 80.129.106.43 - GET /msadc/Samples/SELECTOR/showcode.asp
- 404 604 75 16 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/..%c0%af../..%c0%af../sensepost.exe 404 604 82 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/default.asp%20.pl 404 604 65 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /etc/passwd - 404 604 83 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/fpcount.exe 404 604 59 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /_vti_pvt/users.pwd - 404 604 58 0
80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /iisadmpwd/ - 404 604 50 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/..%255c..%255c/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.ex
e 404 604 126 0 80 - - -
2002-07-01 17:39:17 80.129.106.43 - GET /graphics/sml3com - 404 604 56 0 80
- - -
2002-07-01 17:39:17 80.129.106.43 - GET /index.php
|=forum/view.php&topic=../../../../../../../etc/passwd 404 604 104 0 80 - -
-
2002-07-01 17:39:17 80.129.106.43 - GET /index.php
|=../../../../../../../../etc/passwd 404 604 87 0 80 - - -
2002-07-01 17:39:18 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/..%c0%af../..%c0%af../cmd1.exe 404 604 77 0 80 - - -
2002-07-01 17:39:18 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/C:/temp/\../ 404 604 52 15 80 - - -
2002-07-01 17:39:18 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe 404 604 111 0
80 - - -
2002-07-01 17:39:18 80.129.106.43 - GET /index.php
l=forum/view.php&topic=../../../../../../../etc/passwd 404 604 104 0 80 - -
-
2002-07-01 17:39:18 80.129.106.43 - GET /index.php
l=../../../../../../../../etc/passwd 404 604 86 0 80 - - -
2002-07-01 17:39:18 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/..%c0%af../..%c0%af../cmd.exe 404 604 76 0 80 - - -
2002-07-01 17:39:18 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/..\..\..\..\..\autoexec.bat 404 604 67 0 80 - - -
2002-07-01 17:39:18 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/iisadmpwd/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe 404 604 109
0 80 - - -
2002-07-01 17:39:19 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/iisadmpwd/sensepost.exe 404 604 70 0 80 - - -
2002-07-01 17:39:19 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/..\..\..\boot.ini 404 604 57 0 80 - - -
2002-07-01 17:39:19 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/_vti_bin/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe 404 604 108
0 80 - - -
2002-07-01 17:39:19 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/iisadmpwd/cmd1.exe 404 604 65 0 80 - - -
2002-07-01 17:39:21 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/../../../boot.ini 404 604 57 16 80 - - -
2002-07-01 17:39:22 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/iisadmpwd/cmd.exe 404 604 64 0 80 - - -
2002-07-01 17:39:22 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/samples/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 17:39:23 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/samples/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 17:39:23 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/msadc/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe 404 604 105 0
80 - - -
2002-07-01 17:39:23 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/samples/cmd.exe 404 604 62 16 80 - - -
2002-07-01 17:39:25 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/..%255c..%255cwinnt/system32/cmd.exe 404 604 95 0 80 - - -
2002-07-01 17:39:25 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 17:39:26 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 17:39:26 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/cgi-bin/cmd.exe 404 604 62 16 80 - - -
2002-07-01 17:39:28 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/vti_cnf/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 17:39:28 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/vti_cnf/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 17:39:32 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/vti_cnf/cmd.exe 404 604 62 0 80 - - -
2002-07-01 17:39:32 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/vti_bin/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 17:39:34 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/vti_bin/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 17:39:34 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/vti_bin/cmd.exe 404 604 62 0 80 - - -
2002-07-01 17:39:35 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/msadc/sensepost.exe 404 604 66 0 80 - - -
2002-07-01 17:39:35 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/msadc/cmd1.exe 404 604 61 0 80 - - -
2002-07-01 17:39:37 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/msadc/cmd.exe 404 604 60 0 80 - - -
2002-07-01 17:39:37 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/sensepost.exe 404 604 68 0 80 - - -
2002-07-01 17:39:38 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/cmd1.exe 404 604 63 0 80 - - -
2002-07-01 17:39:38 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/scripts/cmd.exe 404 604 62 0 80 - - -
2002-07-01 17:39:40 80.129.106.43 - GET /<Rejected-By-UrlScan>
~/sensepost.exe 404 604 60 0 80 - - -
2002-07-01 17:39:40 80.129.106.43 - GET /<Rejected-By-UrlScan> ~/cmd1.exe
404 604 55 0 80 - - -
2002-07-01 17:39:41 80.129.106.43 - GET /<Rejected-By-UrlScan> ~/cmd.exe 404
604 54 0 80 - - -

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20020702/7fffdb03/attachment.htm


More information about the list mailing list