Hmmm, looks like a NITKO scan from what I see. I'll verify though.
Sonny Discini Network Security Engineer Department of Technical Services Enterprise Infrastructure Division Montgomery County Government -----Original Message----- From: Maxime Ducharme [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 22, 2003 1:40 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Need help to find web server attacks signature Hi all, i'd need help to identify an attack that happened on one of our customer's web server yesterday, I put the log file here : http://www.pandore-design.com/security/2003-10-21-IIS-attack.txt I see some attacks that seem to be a security scanner tool, and some attacks which targets specific pages of the web site (where we begin to see 200 responses from the web server). Someone recognize a tool / virus / worm in this ? Thanks in advance for help --------------------------------------------------------------- Maxime Ducharme Administrateur reseau, Programmeur _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
