I agree. I have flamed btopenworld (my ISP) relentlessly on this subject (lines like "here's another one" etc. etc.). The point I was trying to make is that there are some of these hits that I will never be able to stop and will go on forever (hence the "take it back to the shop" comment). Hence I have taken the decision to try and blast the people who I can to make them stop, but I know I am covered with patches etc. to stop this happening.
I agree entirely about IT people needing to do more, but unfortunately there are people who do not know, do not care or do not understand what is going on (I could add loads of anecdotal stories here). Until these problems are taken seriously by all and are not used as scare stories when the news has nothing else to report then I have to just accept it to some extent. I hope I do not sound too bitter or anything. At first it really hacked me off but I find I am losing the will to live with certain people and organisations!

Cheers

Anthony Kimber
Consultant, ARL Computer Consultants Ltd
Web : http://www.arl-consultants.co.uk
Phone : 0191 536 5115
Fax : 0191 536 5115
Mobile : 07798 848034

-----Original Message-----
From: Cox, Danny H. [mailto:[EMAIL PROTECTED]]
Sent: 17 January 2002 18:22
To: Anthony Kimber
Cc: [EMAIL PROTECTED]
Subject: RE: [gb-users] Not Gnatbox but security related

I don't completely agree with your comment regarding "only knock off bandwidth". When you start getting code red attacks coming from about 500 different concurrent locations, you will see why. I had a DSL router and a T1 go down because of the load caused by this crap. It does not matter if you block that garbage. It can still cause grief. Especially if you host your own mail, ftp and www - and the Inet connection goes down @ 1:30 A.M. and you live 30 miles from work. (sorry for the run-on)

Never take that crap lightly. I started reporting my hit lists to our ISP in an effort to get some of these systems off the net. IT people need to take more responsibility for this problem. If we do not work to eliminate this type of traffic, things will only get worse. I consider it part of my job.

Just a thought.

Danny

-----Original Message-----
From: Anthony Kimber [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 9:12 AM
To: 'Marc Suxdorf'
Cc: [EMAIL PROTECTED]
Subject: RE: [gb-users] Not Gnatbox but security related

Here are some webstats from one of our customers' webservers.
As you can see we often get this happening, as some people out there really should put their computer back in the box and take it back to the shop for a refund as they are too stupid to install AV products. I am not worried about these hits and nor is the ISP as they can do no damage (only knock off bandwidth).

Cheers

PS This server has only been running 2 weeks so it will be interesting what other rubbish hits it in the future.

Bad URLs

This report lists the requests that generated 404 Not Found error messages (because the requested files didn't exist).

Summary: This report shows the top 10 bad URLs requested. 25 distinct bad URLs were found.

Quantity  % of Total  Item
180       2.76%       /winnt/system32/cmd.exe?/c+dir
96        1.47%       /scripts/root.exe?/c+dir
96        1.47%       /MSADC/root.exe?/c+dir
95        1.46%       /c/winnt/system32/cmd.exe?/c+dir
92        1.41%       /d/winnt/system32/cmd.exe?/c+dir
90        1.38%       /scripts/winnt/system32/cmd.exe?/c+dir
90        1.38%       /msadc/..%5c../..%5c../..%5c/..�../..�../..�../winnt/system32/cmd.exe?/c+dir
90        1.38%       /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir
20        0.31%       /robots.txt
4         0.06%       /favicon.ico

Anthony Kimber
Consultant, ARL Computer Consultants Ltd
Web : http://www.arl-consultants.co.uk
Phone : 0191 536 5115
Fax : 0191 536 5115
Mobile : 07798 848034

-----Original Message-----
From: Marc Suxdorf [mailto:[EMAIL PROTECTED]]
Sent: 17 January 2002 16:09
To: [EMAIL PROTECTED]
Subject: [gb-users] Not Gnatbox but security related

Hi everyone

I have to administer our small company network in my spare time which hopefully explains my little security knowledge...
I have just come across a scary entry in our Windows 2000 Server Internet Information Services 5.0 log:

2002-01-17 10:52:31 62.161.107.167 - 10.10.1.1 80 GET /scripts/root.exe /c+dir 403 www -
2002-01-17 10:52:46 62.161.107.167 - 10.10.1.1 80 GET /MSADC/root.exe /c+dir 403 www -
2002-01-17 10:52:54 62.161.107.167 - 10.10.1.1 80 GET /c/winnt/system32/cmd.exe /c+dir 403 www -
2002-01-17 10:53:03 62.161.107.167 - 10.10.1.1 80 GET /d/winnt/system32/cmd.exe /c+dir 403 www -
2002-01-17 10:53:18 62.161.107.167 - 10.10.1.1 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 403 www -

Is someone currently executing terrible things on our server? I would be very grateful for any quick help and/or explanation!

Thanks a lot and best wishes to everyone

Marc Suxdorf
Studios für Design
Milchstrasse 6b
D-20148 Hamburg
Tel +49 (40) 41345-100
Fax +49 (40) 41345-101
Email [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
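
The IIS log entries quoted in the original question, run through a small triage script (an added example, not part of the thread): it percent-decodes each URI stem, flags requests for cmd.exe or root.exe or containing a directory traversal, and separates probes the server refused (4xx, as in the quoted lines) from ones that got any other status and need a closer look. The field positions are inferred from the quoted lines, the function names are hypothetical, and the two 192.0.2.x entries are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Field positions assumed from the lines quoted in the thread:
# date time c-ip user s-ip s-port method uri-stem uri-query sc-status ...
C_IP, URI_STEM, SC_STATUS = 2, 7, 9
SHELL_RE = re.compile(r"[\\/](?:cmd|root)\.exe$", re.IGNORECASE)
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")

# The five entries quoted in the thread.
THREAD_LINES = [
    "2002-01-17 10:52:31 62.161.107.167 - 10.10.1.1 80 GET /scripts/root.exe /c+dir 403 www -",
    "2002-01-17 10:52:46 62.161.107.167 - 10.10.1.1 80 GET /MSADC/root.exe /c+dir 403 www -",
    "2002-01-17 10:52:54 62.161.107.167 - 10.10.1.1 80 GET /c/winnt/system32/cmd.exe /c+dir 403 www -",
    "2002-01-17 10:53:03 62.161.107.167 - 10.10.1.1 80 GET /d/winnt/system32/cmd.exe /c+dir 403 www -",
    "2002-01-17 10:53:18 62.161.107.167 - 10.10.1.1 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 403 www -",
]
# Constructed entries (not from the thread): a probe answered with 200, and a normal page hit.
CONSTRUCTED_LINES = [
    "2002-01-17 11:02:10 192.0.2.10 - 10.10.1.1 80 GET /scripts/root.exe /c+dir 200 www -",
    "2002-01-17 11:02:15 192.0.2.20 - 10.10.1.1 80 GET /index.htm - 200 www -",
]

def normalise(stem, max_rounds=3):
    """Percent-decode repeatedly (bounded) so %5c and %255c both become a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(stem)
        if decoded == stem:
            break
        stem = decoded
    return stem

def classify(line):
    """Return (client_ip, verdict) for a probe entry, or None for anything else."""
    f = line.split()
    if len(f) <= SC_STATUS or not f[SC_STATUS].isdigit():
        return None  # header, comment or truncated line
    stem, status = normalise(f[URI_STEM]), int(f[SC_STATUS])
    if not (SHELL_RE.search(stem) or TRAVERSAL_RE.search(stem)):
        return None
    # 4xx: the server refused the request or the file was absent; anything else needs review.
    return f[C_IP], "refused" if 400 <= status < 500 else "INVESTIGATE"

def summarise(lines):
    return dict(Counter(filter(None, map(classify, lines))))

if __name__ == "__main__":
    print(summarise(THREAD_LINES + CONSTRUCTED_LINES))
```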
