new http scan?
paw at noh.ucsd.edu
Fri Mar 22 19:03:43 GMT 2002
Hmm. In the past two days we've started to see long http (IIS)
scans from several hosts. They're all looking for a way to execute
cmd.exe, and seem to start with "GET /galaxy_<somerandomnum>" and
try to exploit a.asp, adsamples, PBServer, and Rpc as well as the
more usual directory traversal attacks.
Has anyone else seen this? What's the "galaxy" bit about?
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015
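
Added example, not part of the original post: a small log check for the pattern described above, flagging hosts whose first request is "GET /galaxy_<number>" and who then request cmd.exe. It assumes Common Log Format and that the random suffix is all digits; the sample lines, addresses and the "..." path segments are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format (not taken from the post).
# Paths use only the strings named in the post; "..." marks elided detail.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Mar/2002:10:00:01 +0000] "GET /galaxy_48213 HTTP/1.0" 404 290
192.0.2.10 - - [21/Mar/2002:10:00:02 +0000] "GET /a.asp/.../cmd.exe HTTP/1.0" 404 290
192.0.2.10 - - [21/Mar/2002:10:00:03 +0000] "GET /adsamples/.../cmd.exe HTTP/1.0" 404 290
192.0.2.10 - - [21/Mar/2002:10:00:04 +0000] "GET /PBServer/.../cmd.exe HTTP/1.0" 404 290
192.0.2.10 - - [21/Mar/2002:10:00:05 +0000] "GET /Rpc/.../cmd.exe HTTP/1.0" 404 290
198.51.100.7 - - [21/Mar/2002:10:01:00 +0000] "GET /index.html HTTP/1.0" 200 1024
198.51.100.7 - - [21/Mar/2002:10:01:05 +0000] "GET /galaxy_tours.html HTTP/1.0" 200 2048
203.0.113.5 - - [21/Mar/2002:10:02:00 +0000] "GET /scripts/.../cmd.exe HTTP/1.0" 404 290
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
GALAXY_RE = re.compile(r"^/galaxy_\d+$")  # assumption: suffix is digits only
PROBE_DIRS = ("a.asp", "adsamples", "pbserver", "rpc")  # names from the post

def classify_hosts(log_text):
    """Return {host: summary} for hosts matching the described scan pattern."""
    requests = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            host, _method, path, status = m.groups()
            requests[host].append((path.lower(), int(status)))
    findings = {}
    for host, reqs in requests.items():
        # The post says the scans start with the galaxy request.
        starts_with_galaxy = bool(GALAXY_RE.match(reqs[0][0]))
        cmd_hits = [(p, s) for p, s in reqs if "cmd.exe" in p]
        dirs = sorted({d for p, _ in cmd_hits for d in PROBE_DIRS
                       if p.startswith("/" + d + "/")})
        # A 2xx answer to a cmd.exe request needs immediate follow-up.
        served = [p for p, s in cmd_hits if 200 <= s < 300]
        if starts_with_galaxy and cmd_hits:
            findings[host] = {"probe_dirs": dirs,
                              "cmd_requests": len(cmd_hits),
                              "served": served}
    return findings

if __name__ == "__main__":
    for host, info in classify_hosts(SAMPLE_LOG).items():
        print(host, info)
```

A non-empty "served" list means the server returned success for a cmd.exe request, which is the case to investigate first.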