R: Presentation

Hi Joaquin 

CONCERNING

>>>>
218.4.59.220 - - [06/Oct/2002:22:44:49 -0600] "GET  
/ 
default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN 
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN 
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN 
NNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u90 
90%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u00 
78%u0000%u00=a  HTTP/1.0" 400 352
pd9ebef87.dip.t-dialin.net - - [07/Oct/2002:00:54:18 -0600] "HEAD /  
HTTP/1.0" 200 0
ixde7561-90.pool.007mundo.com - - [07/Oct/2002:03:39:00 -0600] "GET  
/scripts/root.exe?/c+dir HTTP/1.0" 404 310
ixde7561-90.pool.007mundo.com - - [07/Oct/2002:03:39:02 -0600] "GET  
/MSADC/root.exe?/c+dir HTTP/1.0" 404 308
ixde7561-90.pool.007mundo.com - - [07/Oct/2002:03:39:04 -0600] "GET  
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
>>>>>>>>>>>>>>>>>>>>>>>>>>>

This is an ATTACK regarding Microsoft Internet Information Server, hosted by
Microsoft Windows systems.
So just adjust your Web Server logs in order to wipe these log entries out.


FOR THIS... you use IPTABLES to filter...
Since then, I'm constantly getting these in the messages log:

Oct  7 20:59:16 Linolio kernel: IN=ppp0 OUT= MAC= SRC=64.172.120.252  
DST=200.67.218.219 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=50988 PROTO=UDP  
SPT=1025 DPT=137 LEN=58
Oct  7 21:03:32 Linolio kernel: IN=ppp0 OUT= MAC= SRC=61.99.136.75  
DST=200.67.218.219 LEN=78 TOS=0x00 PREC=0x00 TTL=107 ID=63978 PROTO=UDP  
SPT=1027 DPT=137 LEN=58
Oct  7 21:04:46 Linolio kernel: IN=ppp0 OUT= MAC= SRC=210.178.168.234  
DST=200.67.218.219 LEN=78 TOS=0x00 PREC=0x00 TTL=106 ID=54964 PROTO=UDP  
SPT=1026 DPT=137 LEN=58
Oct  7 21:05:46 Linolio kernel: IN=ppp0 OUT= MAC= SRC=210.221.225.151  
DST=200.67.218.219 LEN=78 TOS=0x00 PREC=0x00 TTL=111 ID=6399 PROTO=UDP  
SPT=1026 DPT=137 LEN=58
Oct  7 21:06:05 Linolio kernel: IN=ppp0 OUT= MAC= SRC=163.180.21.160  
DST=200.67.218.219 LEN=78 TOS=0x00 PREC=0x00 TTL=106 ID=4819 PROTO=UDP  
SPT=1043 DPT=137 LEN=58

Bye Fredie
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
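
An added example, not part of the original message: a small Python triage script that picks IIS-targeted requests like the ones quoted above out of an Apache access log and reports whether any of them was answered with something other than an error. The sample log lines are constructed (documentation addresses, shortened padding), and the signature labels are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample in Apache common log format, modelled on the entries
# quoted in the message (documentation addresses, padding shortened).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Oct/2002:22:44:49 -0600] "GET /default.ida?NNNNNNNN%u9090%u6858=a  HTTP/1.0" 400 352
192.0.2.20 - - [07/Oct/2002:00:54:18 -0600] "HEAD / HTTP/1.0" 200 0
192.0.2.30 - - [07/Oct/2002:03:39:00 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 310
192.0.2.30 - - [07/Oct/2002:03:39:04 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
"""

# Fields: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')

# Request paths that only make sense against IIS on Windows.
# The labels are hypothetical names chosen for this example.
SIGNATURES = [
    ("ida-isapi-request", re.compile(r"/default\.ida\?", re.I)),
    ("windows-shell-request", re.compile(r"/(root|cmd)\.exe\?", re.I)),
]

def classify(line):
    """Return (host, label, status) for an IIS-targeted request, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host, _when, request, status, _size = m.groups()
    for label, pattern in SIGNATURES:
        if pattern.search(request):
            return host, label, int(status)
    return None

def summarize(log_text):
    """Count probes per (host, label) and collect any that were not rejected."""
    counts, served = Counter(), []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        host, label, status = hit
        counts[(host, label)] += 1
        if status < 400:  # a 2xx/3xx answer to such a path needs a closer look
            served.append((host, label, status))
    return counts, served

if __name__ == "__main__":
    counts, served = summarize(SAMPLE_LOG)
    for (host, label), n in sorted(counts.items()):
        print(f"{host:15} {label:22} x{n}")
    print("served (status < 400):", served or "none")
```

On a server that is not IIS, every hit should carry a 4xx status as in the quoted log; an entry in the `served` list is the case worth investigating.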