RE: Question

From: McCammon, Keith (Keith.McCammonat_private)
Date: Tue Sep 04 2001 - 08:34:31 PDT


    This is guaranteed to be a tool of some sort.  Perhaps something
    nessus-like.  You may want to try and search the archives.  Someone posted a
    similar scan a couple of weeks ago, and I'm not sure what became of the
    thread...
    
    Keith
    
    -----Original Message-----
    From: Hill, James [mailto:jhillat_private]
    Sent: Tuesday, September 04, 2001 11:10 AM
    To: 'incidentsat_private'
    Subject: Question
    
    
    I have been getting this on the two web servers I run internally (Apache
    using Jakarta).  After a long weekend I came in and started reading my logs,
    and noticed almost identical information on both of the web servers.  My
    question: is this a tool (script) doing this, and is it something that is
    doing mass scans?
    
    JH
    
    --->LOG
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /C:/temp/\../ + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /usr/bin/FlagShip_c + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /cgi-bin/bb-rep.sh + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /WCB/databases/instructors.passwd + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /perl/files.pl + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /usr/bin/FSserial + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /Sites/Knowledge/Membership/Inspired/ViewCode.asp + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + /_vti_pvt/users.pwd + null) null
    2001-09-03 11:11:07 - Ctx(  ): 404 R(  + SnapStream + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /usr/bin/FSserial + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /..?»../..?»../cmd1.exe + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /Sites/Knowledge/Membership/Inspired/ViewCode.asp + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /..\..\..\..\..\autoexec.bat + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/replicator/webpage.cgi/ + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /scripts/tradecli.dll + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/cart.pl + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/cartmanager.cgi + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cfdocs/exampleapp/publish/admin/addcontent.cfm + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/websync.exe + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/ezshopper3/loadpage.cgi + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/cvsweb.cgi + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /interscan/cgi-bin/HttpSaveCSP.dll + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/..%5c..%5c/..%5c..%5c/winnt/system32/cmd.exe + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/cvsweb.cgi + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/bb-rep.sh + null) null
    2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /..?»../..?»../cmd.exe + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /interscan/cgi-bin/HttpSaveCSP.dll + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /4DBin/_/C:/winnt/repair/sam._ + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /cgi-bin/..%5c..%5c/..%5c..%5c/winnt/system32/cmd.exe + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /..\..\..\..\..\autoexec.bat + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /cgi-bin/bb-hostsvc.sh + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /..?»../..?»../cmd.exe + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /iisadmpwd/..%5c..%5c/..%5c..%5c/winnt/system32/cmd.exe + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /..\..\..\boot.ini + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /cgi-bin/bb-hostsvc.sh + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /iisadmpwd/sensepost.exe + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /cgi-bin/webspirs.cgi + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /cgi-bin/a1stats/a1disp2.cgi + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /iisadmpwd/..%5c..%5c/..%5c..%5c/winnt/system32/cmd.exe + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /..\..\..\boot.ini + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /cgi-bin/bb-histlog.sh + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /cgi-bin/webspirs.cgi + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /cgi-bin/a1stats/a1disp4.cgi + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /_vti_bin/..%5c..%5c/..%5c..%5c/winnt/system32/cmd.exe + null) null
    2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /../../../boot.ini + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /cgi-bin/bb-histlog.sh + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /scripts/passwd.txt .pl + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /cgi-bin/lister + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /doc/packages/ + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /cgi-bin/a1stats/a1disp4.cgi + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /iisadmpwd/sensepost.exe + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /cgi-bin/bb-hist.sh + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /cgi-bin/a1stats/a1disp3.cgi + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /iisadmpwd/cmd1.exe + null) null
    2001-09-03 11:11:10 - Ctx(  ): 404 R(  + /cgi-bin/bb-hist.sh + null) null
    2001-09-03 11:11:11 - Ctx(  ): 404 R(  + /_vti_bin/..%5c..%5c/..%5c..%5c/winnt/system32/cmd.exe + null) null
    2001-09-03 11:11:11 - Ctx(  ): 404 R(  + /../../../boot.ini + null) null
    2001-09-03 11:11:11 - Ctx(  ): 404 R(  + /cgi-bin/a1stats/a1disp3.cgi + null) null
    2001-09-03 11:11:11 - Ctx(  ): 404 R(  + /iisadmpwd/cmd1.exe + null) null
    2001-09-03 11:11:11 - Ctx(  ): 404 R(  + /msadc/..%5c..%5c/..%5c..%5c/winnt/system32/cmd.exe + null) null
    2001-09-03 11:11:12 - ContextManager: SocketException reading request, ignored - java.net.SocketException: Connection reset by peer: JVM_recv in socket input stream read
            at java.net.SocketInputStream.socketRead(Native Method)
            at java.net.SocketInputStream.read(SocketInputStream.java:86)
            at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
            at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
            at org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestAdapter.java:115)
            at org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServletInputStream.java:106)
            at org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServletInputStream.java:128)
            at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138)
            at org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(HttpRequestAdapter.java:129)
            at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:198)
            at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
            at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
            at java.lang.Thread.run(Thread.java:484)
    
    2001-09-03 11:11:13 - Ctx(  ): 404 R(  + SnapStream + null) null
    2001-09-03 11:11:13 - Ctx(  ): 404 R(  + SnapStream + null) null
    2001-09-03 11:11:14 - Ctx(  ): 404 R(  + /includes/global.inc + null) null
    2001-09-03 11:11:15 - Ctx(  ): 404 R(  + /global.asa .htr + null) null
    2001-09-03 11:11:15 - Ctx(  ): 404 R(  + /pollit/Poll_It_v2.0.cgi + null) null
    2001-09-03 11:11:15 - Ctx(  ): 404 R(  + /iissamples/issamples/fastq.idq + null) null
    2001-09-03 11:11:16 - Ctx(  ): 404 R(  + /cfdocs/expeval/sendmail.cfm + null) null
    2001-09-03 11:11:16 - Ctx(  ): 404 R(  + /cgi-bin/wais + null) null
    2001-09-03 11:11:16 - Ctx(  ): 404 R(  + /cgi-bin/DCShop + null) null
    2001-09-03 11:11:16 - Ctx(  ): 404 R(  + SnapStream + null) null
    2001-09-03 11:11:16 - Ctx(  ): 404 R(  + /cgi-bin/websync.exe + null) null
    2001-09-03 11:11:16 - Ctx(  ): 404 R(  + /officescan/cgi/jdkRqNotify.exe + null) null
    2001-09-03 11:11:17 - Ctx(  ): 404 R(  + SnapStream + null) null
    2001-09-03 11:11:17 - Ctx(  ): 404 R(  + /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi + null) null
    2001-09-03 11:11:17 - Ctx(  ): 404 R(  + /iissamples/issamples/fastq.idq + null) null
    2001-09-03 11:11:17 - Ctx(  ): 404 R(  + /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi + null) null
    2001-09-03 11:11:17 - Ctx(  ): 404 R(  + /iissamples/issamples/query.idq + null) null
    2001-09-03 11:11:18 - Ctx(  ): 404 R(  + /iissamples/issamples/query.idq + null) null
    2001-09-03 11:11:19 - Ctx(  ): 404 R(  + /cgi-bin/wais + null) null
    2001-09-03 11:11:19 - Ctx(  ): 404 R(  + /cgi-bin/DCShop + null) null
    2001-09-03 11:11:20 - Ctx(  ): 404 R(  + /iisadmpwd/cmd.exe + null) null
    2001-09-03 11:11:20 - Ctx(  ): 404 R(  + /iisadmpwd/cmd.exe + null) null
    2001-09-03 11:11:21 - Ctx(  ): 404 R(  + /samples/sensepost.exe + null) null
    2001-09-03 11:11:21 - Ctx(  ): 404 R(  + /samples/sensepost.exe + null) null
    2001-09-03 11:11:21 - Ctx(  ): 404 R(  + /samples/cmd1.exe + null) null
    2001-09-03 11:11:21 - Ctx(  ): 404 R(  + /samples/cmd1.exe + null) null
    2001-09-03 11:11:22 - Ctx(  ): 404 R(  + /cgi-bin/simplestmail.cgi + null) null
    2001-09-03 11:11:22 - Ctx(  ): 404 R(  + /samples/cmd.exe + null) null
    2001-09-03 11:11:22 - Ctx(  ): 404 R(  + /samples/cmd.exe + null) null
    2001-09-03 11:11:22 - Ctx(  ): 404 R(  + /cgi-bin/sensepost.exe + null) null
    2001-09-03 11:11:23 - Ctx(  ): 404 R(  + /cgi-bin/sensepost.exe + null) null
    2001-09-03 11:11:23 - Ctx(  ): 404 R(  + /cgi-bin/cmd1.exe + null) null
    2001-09-03 11:11:23 - Ctx(  ): 404 R(  + /cgi-bin/cmd1.exe + null) null
    2001-09-03 11:11:23 - Ctx(  ): 404 R(  + /cgi-bin/cmd.exe + null) null
    2001-09-03 11:11:24 - Ctx(  ): 404 R(  + /cgi-bin/cmd.exe + null) null
    2001-09-03 11:11:24 - Ctx(  ): 404 R(  + /vti_cnf/sensepost.exe + null) null
    2001-09-03 11:11:24 - Ctx(  ): 404 R(  + /vti_cnf/sensepost.exe + null) null
    2001-09-03 11:11:25 - Ctx(  ): 404 R(  + /vti_cnf/cmd1.exe + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /iisadmpwd/ + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /cgi-bin/ustorekeeper.pl + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /msadc/..%5c..%5c/..%5c..%5c/winnt/system32/cmd.exe + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /.nsf/../winnt/win.ini + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /iissamples/exair/howitworks/codebrws.asp + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /usr/bin/xvcad/glib/ + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /cgi-bin/ustorekeeper.pl + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /scripts/..%5c..%5cwinnt/system32/cmd.exe + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /usr/bin/xvcad/glib/ + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /scripts/..%5c..%5cwinnt/system32/cmd.exe + null) null
    2001-09-03 11:11:27 - Ctx(  ): 404 R(  + /usr/bin/xvcad/var_rm + null) null
    2001-09-03 11:11:28 - Ctx(  ): 404 R(  + /usr/bin/xvcad/var_rm + null) null
    2001-09-03 11:11:28 - Ctx(  ): 404 R(  + /vti_cnf/cmd1.exe + null) null
    2001-09-03 11:11:28 - Ctx(  ): 404 R(  + /usr/bin/xvcad/igesin + null) null
    2001-09-03 11:11:28 - Ctx(  ): 404 R(  + /vti_cnf/cmd.exe + null) null
    2001-09-03 11:11:28 - Ctx(  ): 404 R(  + /usr/bin/xvcad/igesin + null) null
    2001-09-03 11:11:29 - Ctx(  ): 404 R(  + /vti_cnf/cmd.exe + null) null
    2001-09-03 11:11:29 - Ctx(  ): 404 R(  + /usr/bin/xvcad/dxfin + null) null
    2001-09-03 11:11:29 - Ctx(  ): 404 R(  + /vti_bin/sensepost.exe + null) null
    2001-09-03 11:11:29 - Ctx(  ): 404 R(  + /usr/bin/xvcad/dxfin + null) null
    2001-09-03 11:11:29 - Ctx(  ): 404 R(  + /vti_bin/sensepost.exe + null) null
    2001-09-03 11:11:29 - Ctx(  ): 404 R(  + /vti_bin/cmd1.exe + null) null
    2001-09-03 11:11:30 - Ctx(  ): 404 R(  + /vti_bin/cmd1.exe + null) null
    2001-09-03 11:11:30 - Ctx(  ): 404 R(  + /vti_bin/cmd.exe + null) null
    2001-09-03 11:11:30 - Ctx(  ): 404 R(  + /vti_bin/cmd.exe + null) null
    2001-09-03 11:11:31 - Ctx(  ): 404 R(  + /msadc/sensepost.exe + null) null
    2001-09-03 11:11:31 - Ctx(  ): 404 R(  + /msadc/sensepost.exe + null) null
    2001-09-03 11:11:31 - Ctx(  ): 404 R(  + /msadc/cmd1.exe + null) null
    2001-09-03 11:11:32 - Ctx(  ): 404 R(  + /msadc/cmd1.exe + null) null
    2001-09-03 11:11:32 - Ctx(  ): 404 R(  + /msadc/cmd.exe + null) null
    2001-09-03 11:11:32 - Ctx(  ): 404 R(  + /msadc/cmd.exe + null) null
    2001-09-03 11:11:32 - Ctx(  ): 404 R(  + /scripts/sensepost.exe + null) null
    2001-09-03 11:11:42 - Ctx(  ): 404 R(  + /scripts/sensepost.exe + null) null
    2001-09-03 11:11:42 - Ctx(  ): 404 R(  + /scripts/cmd1.exe + null) null
    2001-09-03 11:11:42 - Ctx(  ): 404 R(  + /scripts/cmd1.exe + null) null
    2001-09-03 11:11:43 - Ctx(  ): 404 R(  + /scripts/cmd.exe + null) null
    2001-09-03 11:11:43 - Ctx(  ): 404 R(  + /scripts/cmd.exe + null) null
    2001-09-03 11:11:43 - Ctx(  ): 404 R(  + /sensepost.exe + null) null
    2001-09-03 11:11:44 - Ctx(  ): 404 R(  + /sensepost.exe + null) null
    2001-09-03 11:11:44 - Ctx(  ): 404 R(  + /cmd1.exe + null) null
    2001-09-03 11:11:44 - Ctx(  ): 404 R(  + /cmd1.exe + null) null
    2001-09-03 11:11:44 - Ctx(  ): 404 R(  + /cmd.exe + null) null
    2001-09-03 11:11:45 - Ctx(  ): 404 R(  + /cmd.exe + null) null
    
    End <--
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 09:05:39 PDT
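
One way to triage a log like the one quoted above, as an added example that is not part of the original thread: it re-joins hard-wrapped entries, groups 404s by minute to expose a burst, and sorts the requested paths into traversal attempts, command-shell probes and plain path probes. The function names, the five-path threshold and the sample (built from paths in the quoted log plus one invented /favicon.ico miss) are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d - ")
ENTRY = re.compile(r"^(\S+ \d\d:\d\d):\d\d - Ctx\(.*?\): 404 R\(\s*\+\s*(.+?)\s*\+\s*null\s*\)")
SHELLS = {"cmd.exe", "cmd1.exe", "sensepost.exe"}  # file names probed in the quoted log

# Constructed sample in the quoted format; the second entry is hard-wrapped as in the mail.
SAMPLE = r"""2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /cgi-bin/cart.pl + null) null
2001-09-03 11:11:08 - Ctx(  ): 404 R(  +
/cgi-bin/..%5c..%5c/..%5c..%5c/winnt/sy
stem32/cmd.exe + null) null
2001-09-03 11:11:08 - Ctx(  ): 404 R(  + /..\..\..\boot.ini + null) null
2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /iisadmpwd/sensepost.exe + null) null
2001-09-03 11:11:09 - Ctx(  ): 404 R(  + /_vti_pvt/users.pwd + null) null
2001-09-03 11:25:40 - Ctx(  ): 404 R(  + /favicon.ico + null) null
"""

def records(text):
    """Re-join hard-wrapped entries: a new record starts at a timestamp."""
    buf = ""
    for line in text.splitlines():
        if STAMP.match(line) and buf:
            yield buf
            buf = ""
        buf += line.strip()  # assumption: wraps fell mid-token, so join without a space
    if buf:
        yield buf

def classify(path):
    decoded = unquote(path)  # %5c becomes a backslash, exposing encoded traversal
    if re.search(r"\.\.[\\/]", decoded):
        return "traversal"
    if re.split(r"[\\/]", decoded)[-1].lower() in SHELLS:
        return "shell-probe"
    return "path-probe"

def triage(text, min_distinct=5):
    """Return ({minute: distinct 404 paths} for bursts, Counter of probe kinds)."""
    per_minute, kinds = defaultdict(set), Counter()
    for rec in records(text):
        m = ENTRY.match(rec)
        if not m:
            continue  # stack traces and anything that is not a 404 entry
        minute, path = m.groups()
        per_minute[minute].add(path)
        kinds[classify(path)] += 1
    return {k: len(v) for k, v in per_minute.items() if len(v) >= min_distinct}, kinds
```

Many distinct missing paths inside one minute, mixing IIS, ColdFusion, FrontPage and Unix CGI names against a single Apache/Tomcat host, is the pattern that separates an automated scan from a user following a stale link.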