[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] C drive hack

Subject: Re: [cobalt-users] C drive hack
From: "Per M Knutsen" <per.knutsen@xxxxxxxxxxxxxx>
Date: Tue Sep 18 17:36:01 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> >www.adifferentsite.com 66.12.10.51 - - [18/Sep/2001:06:51:16 -0700] "GET
> >/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 254 "-"
"-"
>
>
> This one is going to be ugly...I have been hit 6500 times in the last 4
> hours.  I am getting about 50 a minute....

With the number of hits you report, I would assume local machines are
spewing out all this garbage. Maybe your co-lo should take some action to
have the offended Windoze machines shut down?

For those craving more info, see
http://www.trusecure.com/html/tspub/hypeorhot/rxalerts/tsa01024_cid177.shtml

There must be some DoS element to this worm, given all the hits. Has anyone
taken any pre-cautionary steps they would like to share with the group?


Per M Knutsen
http://nethut.no/~pknutsen

Follow-Ups:
- Re: [cobalt-users] C drive hack
  - From: DenIT Internet Services [Thijs]

References:
- RE: [cobalt-users] C drive hack
  - From: Scott w

Prev by Date: Re: [cobalt-users] Extensive Hack Attack - Was C drive hack
Next by Date: Re: [cobalt-users] C drive hack
Previous by thread: RE: [cobalt-users] C drive hack
Next by thread: Re: [cobalt-users] C drive hack

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index