Alex_K
12.12.01, 09:01
ich hab eine router auf dem auch httpd läuft.
jetzt hab ich mal in die logs geschaut, und folgende einträge gefunden:
216.139.6.80 - - [11/Dec/2001:12:17:15 +0100] "GET /default.ida?NNNNNNNNNNNNNNN
212.128.1.108 - - [11/Dec/2001:15:24:20 +0100] "GET /scripts/root.exe?/c+dir HT
212.128.1.108 - - [11/Dec/2001:15:24:27 +0100] "GET /MSADC/root.exe?/c+dir HTTP
212.128.1.108 - - [11/Dec/2001:15:24:31 +0100] "GET /c/winnt/system32/cmd.exe?/
212.128.1.108 - - [11/Dec/2001:15:24:35 +0100] "GET /d/winnt/system32/cmd.exe?/
212.128.1.108 - - [11/Dec/2001:15:24:38 +0100] "GET /scripts/..%255c../winnt/sy
212.128.1.108 - - [11/Dec/2001:15:24:42 +0100] "GET /_vti_bin/..%255c../..%255c
212.128.1.108 - - [11/Dec/2001:15:24:46 +0100] "GET /_mem_bin/..%255c../..%255c
212.128.1.108 - - [11/Dec/2001:15:24:52 +0100] "GET /msadc/..%255c../..%255c../
212.128.1.108 - - [11/Dec/2001:15:24:56 +0100] "GET /scripts/..%c1%1c../winnt/s
212.128.1.108 - - [11/Dec/2001:15:25:00 +0100] "GET /scripts/..%c0%2f../winnt/s
212.128.1.108 - - [11/Dec/2001:15:25:07 +0100] "GET /scripts/..%c0%af../winnt/s
212.128.1.108 - - [11/Dec/2001:15:25:10 +0100] "GET /scripts/..%c1%9c../winnt/s
212.128.1.108 - - [11/Dec/2001:15:25:14 +0100] "GET /scripts/..%%35%63../winnt/
212.128.1.108 - - [11/Dec/2001:15:25:17 +0100] "GET /scripts/..%%35c../winnt/sy
212.128.1.108 - - [11/Dec/2001:15:25:21 +0100] "GET /scripts/..%25%35%63../winn
212.128.1.108 - - [11/Dec/2001:15:25:25 +0100] "GET /scripts/..%252f../winnt/sy
64.105.142.46 - - [11/Dec/2001:17:27:35 +0100] "GET /default.ida?NNNNNNNNNNNNNN
solche einträge hab ich 2 - 3 mal täglich.
ist das jetzt wieder "nur" nimda & Co.?
jetzt hab ich mal in die logs geschaut, und folgende einträge gefunden:
216.139.6.80 - - [11/Dec/2001:12:17:15 +0100] "GET /default.ida?NNNNNNNNNNNNNNN
212.128.1.108 - - [11/Dec/2001:15:24:20 +0100] "GET /scripts/root.exe?/c+dir HT
212.128.1.108 - - [11/Dec/2001:15:24:27 +0100] "GET /MSADC/root.exe?/c+dir HTTP
212.128.1.108 - - [11/Dec/2001:15:24:31 +0100] "GET /c/winnt/system32/cmd.exe?/
212.128.1.108 - - [11/Dec/2001:15:24:35 +0100] "GET /d/winnt/system32/cmd.exe?/
212.128.1.108 - - [11/Dec/2001:15:24:38 +0100] "GET /scripts/..%255c../winnt/sy
212.128.1.108 - - [11/Dec/2001:15:24:42 +0100] "GET /_vti_bin/..%255c../..%255c
212.128.1.108 - - [11/Dec/2001:15:24:46 +0100] "GET /_mem_bin/..%255c../..%255c
212.128.1.108 - - [11/Dec/2001:15:24:52 +0100] "GET /msadc/..%255c../..%255c../
212.128.1.108 - - [11/Dec/2001:15:24:56 +0100] "GET /scripts/..%c1%1c../winnt/s
212.128.1.108 - - [11/Dec/2001:15:25:00 +0100] "GET /scripts/..%c0%2f../winnt/s
212.128.1.108 - - [11/Dec/2001:15:25:07 +0100] "GET /scripts/..%c0%af../winnt/s
212.128.1.108 - - [11/Dec/2001:15:25:10 +0100] "GET /scripts/..%c1%9c../winnt/s
212.128.1.108 - - [11/Dec/2001:15:25:14 +0100] "GET /scripts/..%%35%63../winnt/
212.128.1.108 - - [11/Dec/2001:15:25:17 +0100] "GET /scripts/..%%35c../winnt/sy
212.128.1.108 - - [11/Dec/2001:15:25:21 +0100] "GET /scripts/..%25%35%63../winn
212.128.1.108 - - [11/Dec/2001:15:25:25 +0100] "GET /scripts/..%252f../winnt/sy
64.105.142.46 - - [11/Dec/2001:17:27:35 +0100] "GET /default.ida?NNNNNNNNNNNNNN
solche einträge hab ich 2 - 3 mal täglich.
ist das jetzt wieder "nur" nimda & Co.?