Security Incidents mailing list archives
Re: Need help to find web server attacks signature
From: Fatih Özavcı <holden () siyahsapka com>
Date: 23 Oct 2003 11:38:19 +0000
Maybe the attacker used a cgi scanner like whisker or nikto. This log contains some well-known vulnerable cgi's, misconfigured admin pages and vulnerable php applications.

I don't think it's Retina. Retina can scan only some well-known vulnerabilities or buffer overflows and is focused on Windows applications. But I found some cgi applications for *nix in this log. I think it's a cgi scanner.

--
Fatih Ozavci
IT Security Consultant

On Wed, 2003-10-22 at 19:23, Muhammad Naseer wrote:
Sounds to be Retina using CHM for HTTP.

Naseer

----- Original Message -----
From: "Maxime Ducharme" <maxime () pandore-design com>
To: <incidents () securityfocus com>
Sent: Wednesday, October 22, 2003 10:43 PM
Subject: Need help to find web server attacks signature

Hi all,

I'd need help to identify an attack that happened on one of our customer's web server yesterday. I put the log file here:

http://www.pandore-design.com/security/2003-10-21-IIS-attack.txt

I see some attacks that seem to be a security scanner tool, and some attacks which target specific pages of the web site (where we begin to see 200 responses from the web server).

Someone recognize a tool / virus / worm in this ?

Thanks in advance for help

---------------------------------------------------------------
Maxime Ducharme
Administrateur reseau, Programmeur