Re: Nimda


Subject: Re: Nimda
From: Brian Watson (bcwatso1@uiuc.edu)
Date: Fri Sep 21 2001 - 13:35:48 MDT


>24.129.1.10 - - [18/Sep/2001:13:11:31 -0400] "GET
>/scripts/root.exe?/c+dir HTTP$
>24.129.1.10 - - [18/Sep/2001:13:11:31 -0400] "GET
>/MSADC/root.exe?/c+dir HTTP/1$
>24.129.1.10 - - [18/Sep/2001:13:11:32 -0400] "GET
>/c/winnt/system32/cmd.exe?/c+$
>24.129.1.10 - - [18/Sep/2001:13:11:33 -0400] "GET
>/d/winnt/system32/cmd.exe?/c+$
>24.129.1.10 - - [18/Sep/2001:13:11:34 -0400] "GET
>/scripts/..%255c../winnt/syst$
>24.129.1.10 - - [18/Sep/2001:13:11:34 -0400] "GET
>/_vti_bin/..%255c../..%255c..$
>24.129.1.10 - - [18/Sep/2001:13:11:35 -0400] "GET
>/_mem_bin/..%255c../..%255c..$
>
>Is this a Nimda infected machine?
>
>--Brian

Does anyone have a good Nimda script? My access log has over 14k
lines of Nimda attempts in the past two days!! :(

--Brian
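
One way to do what the message above asks, as an added example that is not part of the original thread: a Python filter that separates requests matching the patterns in the quoted log from ordinary traffic and counts them per source host. It assumes Common Log Format; `split_log`, the sample lines and their addresses are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format (assumed): host ident user [time] "METHOD path proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Signatures visible in the quoted requests: root.exe / cmd.exe invoked with a
# query string, and the double-encoded backslash used for directory traversal.
PROBE = re.compile(r'/(?:root|cmd)\.exe\?|\.\.%255c', re.IGNORECASE)


def split_log(lines):
    """Separate probe requests from ordinary traffic.

    Returns (clean, per_host, answered): the lines to keep, a Counter of
    probes per source host, and probe lines the server answered with 2xx.
    """
    clean, per_host, answered = [], Counter(), []
    for line in lines:
        m = CLF.match(line)
        if m and PROBE.search(m.group(2)):
            per_host[m.group(1)] += 1
            if m.group(3).startswith("2"):
                answered.append(line)  # a probe that got content back needs a look
        else:
            clean.append(line)  # unparsable lines are kept, never silently dropped
    return clean, per_host, answered


# Constructed sample lines (documentation addresses, not from the original post).
SAMPLE = [
    '192.0.2.10 - - [18/Sep/2001:13:11:31 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [18/Sep/2001:13:11:32 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286',
    '192.0.2.10 - - [18/Sep/2001:13:11:34 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '198.51.100.7 - - [18/Sep/2001:13:12:02 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [18/Sep/2001:13:12:05 -0400] "GET /docs/cmd.exe.html HTTP/1.0" 200 512',
    '203.0.113.5 - - [18/Sep/2001:13:12:09 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
]

if __name__ == "__main__":
    clean, per_host, answered = split_log(SAMPLE)
    for host, n in per_host.most_common():
        print(f"{n:6d} probes from {host}")
    print(f"{len(clean)} ordinary lines kept, {len(answered)} probes answered with 2xx")
```

To run it over a real log, pass an open file object to `split_log` in place of `SAMPLE`; the returned `clean` list is the log with the probe lines removed.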


