Sure thing... x=source ip y=dest ip (my srvr) 2001-06-17 03:18:24 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.idc - 500 0 312 175 63 80 HTTP/1.0 VoidEYE+CGI+security+scanner - - 2001-06-17 03:18:24 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.idq - 200 0 188 175 250 80 HTTP/1.0 VoidEYE+CGI+security+scanner - - 2001-06-17 03:18:25 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.ida - 200 0 188 175 16 80 HTTP/1.0 VoidEYE+CGI+security+scanner - - 2001-06-17 03:18:25 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.idw - 404 2 604 175 47 80 HTTP/1.0 VoidEYE+CGI+security+scanner - - 2001-06-17 03:18:25 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /msadc/msadcs.dll - 404 3 604 181 32 80 HTTP/1.0 VoidEYE+CGI+security+scanner - - 2001-06-17 03:18:27 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.idc - 500 0 312 175 16 80 HTTP/1.0 VoidEYE+CGI+security+scanner - - -----Original Message----- From: SmartHackers [mailto:martinezat_private] Sent: Thursday, June 21, 2001 2:43 PM To: incidentsat_private Subject: Probe for index server .ida Has anyone been probed by sources looking for the new Microsoft IIS hole MS01-033 released the other day. If you have, I would be very interested in obtaining a copy of your logs if you still have them. Thanks _____________________________________________________________ Sign up for FREE email from SmartHackers at http://www.smarthackers.com
This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 19:55:05 PDT