Full Disclosure mailing list archives
RE: Need help to find web server attacks signature
From: "Discini, Sonny" <Sonny.Discini () montgomerycountymd gov>
Date: Wed, 22 Oct 2003 14:03:03 -0400
Hmmm, looks like a NITKO scan from what I see. I'll verify though. Sonny Discini Network Security Engineer Department of Technical Services Enterprise Infrastructure Division Montgomery County Government -----Original Message----- From: Maxime Ducharme [mailto:maxime () pandore-design com] Sent: Wednesday, October 22, 2003 1:40 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Need help to find web server attacks signature Hi all, i'd need help to identify an attack that happened on one of our customer's web server yesterday, I put the log file here : http://www.pandore-design.com/security/2003-10-21-IIS-attack.txt I see some attacks that seem to be a security scanner tool, and some attacks which targets specific pages of the web site (where we begin to see 200 responses from the web server). Someone recognize a tool / virus / worm in this ? Thanks in advance for help --------------------------------------------------------------- Maxime Ducharme Administrateur reseau, Programmeur _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Need help to find web server attacks signature Discini, Sonny (Oct 22)
- <Possible follow-ups>
- Re: Need help to find web server attacks signature Maxime Ducharme (Oct 22)
- RE: Need help to find web server attacks signature Schmehl, Paul L (Oct 22)
- Re: Need help to find web server attacks signature Maxime Ducharme (Oct 22)