hehe.. good luck dealing with ISPs on this...

http://freebsdmatrix.net/iisworm/

A fun little script that'll automatically send out emails to parent netblock owners... Might be easier than doing all the work manually ;)

On Wednesday 27 November 2002 11:41, Andreas Bittner wrote:
nslookup/whois the ip (www.ripe.net (euro/africa/mid-east), www.arin.net (americas) or www.apnic.net (asia pacific), these are the big three ip address maintainers worldwide, whois the ip addy there or nslookup the ip address and report to its owner/provider and so forth....
cheers, andy
----- Original Message -----
From: "Mario Ohnewald" <mario.ohnewald@gmx.de>
To: <suse-security@suse.com>
Sent: Wednesday, November 27, 2002 12:33 PM
Subject: [suse-security] IIS Worms

Hello! What can I do against these worms?
[Mon Nov 25 18:18:50 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/scripts/..Á^\../winnt/system32/cmd.exe
[Mon Nov 25 18:18:50 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Mon Nov 25 18:18:53 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Mon Nov 25 18:18:56 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/scripts/..À¯../winnt/system32/cmd.exe
[Mon Nov 25 18:18:56 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Mon Nov 25 18:19:00 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/scripts/..Á234../winnt/system32/cmd.exe
[Mon Nov 25 18:19:00 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Mon Nov 25 18:19:10 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Mon Nov 25 18:19:10 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Mon Nov 25 18:19:14 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Mon Nov 25 18:19:14 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Tue Nov 26 00:43:09 2002] [error] [client 80.133.121.24] File does not exist: /usr/local/httpd/htdocs/scripts/..À¯../winnt/system32/cmd.exe
[Tue Nov 26 00:43:09 2002] [error] [client 80.133.121.24] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Tue Nov 26 00:43:10 2002] [error] [client 80.133.121.24] File does not exist: /usr/local/httpd/htdocs/scripts/.%2e/.%2e/winnt/system32/cmd.ex
[Tue Nov 26 00:43:10 2002] [error] [client 80.133.121.24] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Tue Nov 26 06:35:51 2002] [error] [client 211.72.192.249] File does not exist: /usr/local/httpd/htdocs/scripts/..%5c%5c../winnt/system32/cmd.
[Tue Nov 26 06:35:51 2002] [error] [client 211.72.192.249] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Tue Nov 26 07:59:16 2002] [error] [client 210.241.51.68] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Nov 27 09:36:25 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/scripts/root.exe
[Wed Nov 27 09:36:25 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Wed Nov 27 09:36:29 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/MSADC/root.exe
[Wed Nov 27 09:36:29 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Wed Nov 27 10:00:12 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/scripts/root.exe
[Wed Nov 27 10:00:12 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Wed Nov 27 10:00:16 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/MSADC/root.exe
[Wed Nov 27 10:00:16 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Wed Nov 27 10:00:23 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/c/winnt/system32/cmd.exe
[Wed Nov 27 10:00:23 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Wed Nov 27 10:00:27 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/d/winnt/system32/cmd.exe
[Wed Nov 27 10:00:27 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/error/error.html
How can I reverse the IP to an address like whois does? What do you do against it? I am just bothered because of my mini bandwidth.
cheers, Mario
-- "They that give up essential liberty to obtain a little temporary safety... deserve neither safety nor liberty." - Benjamin Franklin(1759)
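Added example (not part of the thread and not the script linked above): before doing the whois lookups suggested in the replies, the error_log can be reduced to one evidence block per source IP. The function names and the probe pattern are assumptions made for this sketch; the sample lines are copied from the log in the original message.

```python
import re
from datetime import datetime

# Apache 1.3-style error_log line, as shown in the original message.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] "
    r"File does not exist: (?P<path>.+)$")
# Assumed probe signature: requests for cmd.exe under winnt/system32 or root.exe.
# "cmd\." also catches the truncated "cmd.ex" / "cmd." entries seen in the log.
PROBE_RE = re.compile(r"winnt/system32/cmd\.|/root\.exe", re.IGNORECASE)

# Sample lines copied from the log posted in the thread.
SAMPLE_LOG = """\
[Mon Nov 25 18:19:10 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Mon Nov 25 18:19:10 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/error/error.html
[Mon Nov 25 18:19:14 2002] [error] [client 80.145.88.201] File does not exist: /usr/local/httpd/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Tue Nov 26 07:59:16 2002] [error] [client 210.241.51.68] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Nov 27 09:36:25 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/scripts/root.exe
[Wed Nov 27 09:36:29 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/MSADC/root.exe
[Wed Nov 27 10:00:23 2002] [error] [client 80.145.87.190] File does not exist: /usr/local/httpd/htdocs/c/winnt/system32/cmd.exe
"""

def summarize_probes(log_text):
    """Return {ip: {"count", "first", "last", "paths"}} for probe lines only."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not PROBE_RE.search(m["path"]):
            continue  # skips error.html follow-ups and unrelated errors
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        entry = report.setdefault(
            m["ip"], {"count": 0, "first": ts, "last": ts, "paths": []})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["paths"].append(m["path"])
    return report

def format_report(report):
    """Render one block per source IP, busiest first, ready to paste into a report."""
    out = []
    for ip, e in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        out.append(f"{ip}  {e['count']} probes  {e['first']} .. {e['last']}")
        out.extend(f"    {p}" for p in e["paths"])
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(summarize_probes(SAMPLE_LOG)))
```

The timestamps are the web server's local time, so state the time zone when forwarding the summary to a netblock owner.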