Security Incidents mailing list archives

Re: Need help to find web server attacks signature


From: "Tri Huynh" <trihuynh () zeeup com>
Date: Fri, 24 Oct 2003 03:27:50 -0700

I think it is an automated CGI-scanner. However, it looks like one of your
asp files returns ODBC error messages, which I think is not good at all.

Hope that helps,

Trihuynh
Sentryunion
----- Original Message ----- 
From: "Maxime Ducharme" <maxime () pandore-design com>
To: <incidents () securityfocus com>
Sent: Wednesday, October 22, 2003 10:43 AM
Subject: Need help to find web server attacks signature



Hi all,
    I'd need help to identify an attack that happened on one of our
customer's web servers yesterday. I put the log file here:
http://www.pandore-design.com/security/2003-10-21-IIS-attack.txt

I see some attacks that seem to be a security scanner tool,
and some attacks which target specific pages of the web site
(where we begin to see 200 responses from the web server).

Does someone recognize a tool / virus / worm in this?

Thanks in advance for help

---------------------------------------------------------------
  Maxime Ducharme
  Network Administrator, Programmer
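
A triage pass for the two observations in this thread (a scanner-style sweep of missing paths, and an ASP page leaking ODBC error text), added here as an example and not posted by either participant. The log lines, IP addresses and the `min_404` threshold are constructed, and it assumes the W3C extended fields shown in `#Fields` with ASP error text recorded in `cs-uri-query`.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format; not lines from the poster's log.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-10-21 14:02:11 192.0.2.10 GET /cgi-bin/test.cgi - 404
2003-10-21 14:02:11 192.0.2.10 GET /scripts/admin.pl - 404
2003-10-21 14:02:12 192.0.2.10 GET /cgi-bin/search.cgi - 404
2003-10-21 14:02:12 192.0.2.10 GET /_vti_bin/shtml.exe - 404
2003-10-21 14:05:40 192.0.2.10 GET /products.asp id=5 200
2003-10-21 14:05:52 192.0.2.10 GET /products.asp id=|12|80040e14|[Microsoft][ODBC_SQL_Server_Driver]_error 500
2003-10-21 14:06:03 198.51.100.7 GET /index.asp - 200
2003-10-21 14:06:09 198.51.100.7 GET /missing.gif - 404
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed lines
                yield dict(zip(fields, values))

def triage(records, min_404=3):
    """Per client IP: 404 sweep (scanner-like), pages it was served, DB errors leaked."""
    seen = defaultdict(lambda: {"missing": set(), "served": set(), "db_errors": set()})
    for r in records:
        ip, stem, status = r["c-ip"], r["cs-uri-stem"], r["sc-status"]
        if status == "404":
            seen[ip]["missing"].add(stem)
        elif status.startswith("2"):
            seen[ip]["served"].add(stem)
        if "odbc" in r["cs-uri-query"].lower():   # assumption: error text lands here
            seen[ip]["db_errors"].add(stem)
    report = {}
    for ip, s in seen.items():
        scanner = len(s["missing"]) >= min_404    # many distinct missing paths
        report[ip] = {"scanner": scanner,
                      "served_to_scanner": sorted(s["served"]) if scanner else [],
                      "db_errors": sorted(s["db_errors"])}
    return report

if __name__ == "__main__":
    for ip, finding in triage(parse_w3c(SAMPLE_LOG)).items():
        print(ip, finding)
```

Pages listed under `db_errors` are the ones to fix first: they should return a generic error page instead of driver output.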


