Re: eEyeIsTheBest seen in http?

[niceshorts () yahoo com]

Tom Sevy hat geschrieben:

> Has anyone else seen this?
>
> I am seeing a handful of these, from internal machines, sometimes going to
> other segments in the network as well as to outside systems (web servers).
>
>
>
> Generated by ACID v0.9.6b13 on Thu September 27, 2001 16:33:32
>
> ----------------------------------------------------------------------------
> --
> #(4 - 58002) [2001-09-27 15:37:22]  WEB-IIS cmd.exe Out
> IPv4: 192.xxx.xx.xx -> xxx.xx.x.xx   
>      hlen=5 TOS=0 dlen=217 ID=5482 flags=0 offset=0 TTL=128 chksum=27285
> TCP:  port=4850 -> dport: 80  flags=***AP*** seq=3028858
>      ack=2830731072 off=5 res=0 win=8490 urp=0 chksum=7675
> Payload:  length = 167
>
> 000 : 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25   GET /scripts/..%
> 010 : 35 63 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 35   5c..%5c..%5c..%5
> 020 : 63 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F   cwinnt/system32/
> 030 : 63 6D 64 2E 65 78 65 3F 2F 63 2B 65 63 68 6F 20   cmd.exe?/c+echo 
> 040 : 65 45 79 65 49 73 54 68 65 42 65 73 74 20 49 73   eEyeIsTheBest Is
> 050 : 54 68 65 42 65 73 74 20 48 54 54 50 2F 31 2E 31   TheBest HTTP/1.1
> 060 : 0D 0A 48 6F 73 74 3A 20 65 65 79 65 0D 0A 55 73   ..Host: eeye..Us
> 070 : 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69 6C 6C   er-Agent: Mozill
> 080 : 61 2F 34 2E 30 20 28 63 6F 6D 70 61 74 69 62 6C   a/4.0 (compatibl
> 090 : 65 3B 20 4D 53 49 45 20 35 2E 30 31 3B 20 57 69   e; MSIE 5.01; Wi
> 0a0 : 6E 64 6F 77 73 20 4E                              ndows N

    This is eEye's free Retina scanner for Nimda.

    I wouldn't worry about it.

-- 
HTTP request sent, awaiting response... 404 Object Not Found
ERROR 404: Object Not Found.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users