Going by the times, 15:30:59, 15:31:01, 15:31:03, 15:31:05 etc., my guess is that it's a worm or virus rather than a cracker; who can type that fast?
Then again, could be using an automated tool. Hmmm. How can one tell? Are the attempted exploits below part of the known pattern of a known worm? Are they part of the known pattern of a known cracking tool? Apart from clogging up your log file, was there any other damage? Noticeable degradation of system performance, generating billable (to you) traffic, etc.?

Yuri

On Wed, 30 Jan 2002, you wrote:
> I am currently 'playing' with apache, does anyone here ever get tired of;
>
> <snip>
> [Wed Jan 30 15:30:59 2002] [error] [client 210.74.146.190] File does not
> exist: /somedir/scripts/root.exe
> [Wed Jan 30 15:31:01 2002] [error] [client 210.74.146.190] File does not
> exist: /somedir/MSADC/root.exe
> [Wed Jan 30 15:31:03 2002] [error] [client 210.74.146.190] File does not
> exist: /somedir/c/winnt/system32/cmd.exe
> [Wed Jan 30 15:31:05 2002] [error] [client 210.74.146.190] File does not
> exist: /somedir/d/winnt/system32/cmd.exe
> [Wed Jan 30 15:31:06 2002] [error] [client 210.74.146.190] File does not
> exist: /somedir/scripts/..%5c../winnt/system32/cmd.exe
> [Wed Jan 30 15:31:08 2002] [error] [client 210.74.146.190] File does not
> exist: /somedir/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> [Wed Jan 30 15:31:10 2002] [error] [client 210.74.146.190] File does not
> exist: /somedir/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> [Wed Jan 30 15:31:12 2002] [error] [client 210.74.146.190] File does not
> exist:
> /somedir/msadc/..%5c../..%5c../..%5c/..�^\../..�^\../..�^\../winnt/system32
>/cmd.exe </snip>
>
> I mean this attack was directed at an NT/2k/XP machine. I have whois'ed
> the IP and have someone to complain to, what is the general attitude here
> towards responding to provocation such as this?
>
> I do realise that .190 is not a specific address and will probably not be
> traceable back to the perpetrating computer. But someone needs a good
> stiff slapping with a dripping wet trout.
>
> Mark Carey
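
The two signals weighed in the reply above (the spacing between requests and a fixed list of probe paths) can be measured directly from the error log. The following is an added example, not part of the original thread; the function names and thresholds are assumptions, and the sample is the quoted log unwrapped to one entry per line with the garbled last entry left out.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: entries from the quoted log, one per line (garbled last entry omitted).
SAMPLE_LOG = """\
[Wed Jan 30 15:30:59 2002] [error] [client 210.74.146.190] File does not exist: /somedir/scripts/root.exe
[Wed Jan 30 15:31:01 2002] [error] [client 210.74.146.190] File does not exist: /somedir/MSADC/root.exe
[Wed Jan 30 15:31:03 2002] [error] [client 210.74.146.190] File does not exist: /somedir/c/winnt/system32/cmd.exe
[Wed Jan 30 15:31:05 2002] [error] [client 210.74.146.190] File does not exist: /somedir/d/winnt/system32/cmd.exe
[Wed Jan 30 15:31:06 2002] [error] [client 210.74.146.190] File does not exist: /somedir/scripts/..%5c../winnt/system32/cmd.exe
[Wed Jan 30 15:31:08 2002] [error] [client 210.74.146.190] File does not exist: /somedir/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Wed Jan 30 15:31:10 2002] [error] [client 210.74.146.190] File does not exist: /somedir/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                   r"File does not exist: (?P<path>\S+)$")
# Requests for Windows binaries or encoded-backslash traversal, as in the quoted log.
PROBE = re.compile(r"(?:root|cmd)\.exe$|\.\.%5c", re.IGNORECASE)

def summarize(log_text):
    """Per client: probe count, distinct paths, mean and spread of request gaps."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and PROBE.search(m["path"]):
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            hits[m["ip"]].append((ts, m["path"]))
    report = {}
    for ip, events in hits.items():
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        report[ip] = {
            "probes": len(events),
            "distinct_paths": len({p for _, p in events}),
            "mean_gap": mean(gaps) if gaps else None,
            "gap_stdev": pstdev(gaps) if gaps else None,
        }
    return report

def looks_automated(stats, min_probes=5, max_mean_gap=5.0, max_stdev=1.0):
    """Thresholds are assumptions for illustration; tune them to your own logs."""
    return (stats["probes"] >= min_probes and stats["mean_gap"] is not None
            and stats["mean_gap"] <= max_mean_gap and stats["gap_stdev"] <= max_stdev)

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_LOG).items():
        print(ip, stats, "automated" if looks_automated(stats) else "unclear")
```

A steady gap of a second or two across many distinct probe paths points to a script of some kind; it does not by itself distinguish a worm from a scanning tool run by a person.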
