As opposed to a worm attacking Apache or OpenSSL? :) At 01:49 PM 2/10/2003 -0600, you wrote:
>Short answer is that this is a worm.... Don't worry about it. This is >why you are not running IIS right? This is just some sneezy, infected >winblows machine out there trying to spread its germs to your *nix >server. Just make sure you keep your server patched and current.... > >Shannon > >Mat Branyon wrote: > >>I am running a webserver via dyndns and I have noticed that someone is >>trying to run cmd.exe on my server: >> >>(ftp.vertex-networks.com - - [10/Feb/2003:07:14:14 -0600] "GET >> >/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - >> > >> >I searched everywhere for cmd.exe on my freebsd server and was unable to >> >find it (I wonder why). So then the thing that i see this could be is a >>skript kiddie, with a really stupid program. What can I do to block >>these requests, as they are taking up bandwidth? I have a firewall with >>snort and squid, but don't really know how to use them (I am looking >>that up right now). I started running this server a few days ago, thats >>how fast the attacks started coming in. I have also had some attempted >>ssh logins to my computer. >> >>--mat || http://locke.homeunix.org || If mathematically you end up with >>the wrong answer, try multiplying by the page number. >> >> >>_______________________________________________ >>General mailing list >>[email protected] >>http://oxygen.nocdirect.com/mailman/listinfo/general_brlug.net >> > > > > >_______________________________________________ >General mailing list >[email protected] >http://oxygen.nocdirect.com/mailman/listinfo/general_brlug.net --- Dustin Puryear <[EMAIL PROTECTED]> Puryear Information Technology Windows, UNIX, and IT Consulting http://www.puryear-it.com
