There is someone from xx.xx.xx.xx trying to use an IIS
vulnerability. If it's realy intranet your admin should
have a look at the offending pc if it is infected by a
virus. (Not shure out of the head if this is nimda, code
red or what else)
This vulnerability is not affecting tomcat.
this is just an IIS worm ( Nimda I think ) on someone else's server, sending requests
to yours. You can see that all the requests
are returning a 404. Almost everyone sees this at some stage. Don't worry about it.
steph
-Original Message-
From: Antony paul [mailto:[EMAIL PROTECTED]
It's in the intranet right ? Should be easy to track down :)
Antony paul wrote:
Hello,
I have Tomcat standalone running on a local Intranet. The server is
windows 2000 SP2. Today while checking the access log files I found the
following lines
xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] GET
on
this IP address.
- Original Message -
From: Ralph Einfeldt [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 2:08 PM
Subject: RE: [OT] Some one executing windows commands in Tomcat 4.1.18.
There is someone from xx.xx.xx.xx trying to use an IIS
is not running
but we have some other web server program(probably apache) which listens on
this IP address.
- Original Message -
From: Ralph Einfeldt [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 2:08 PM
Subject: RE: [OT] Some one executing windows
That 404 means they got a page not found error. This is just some
script kiddie looking for problems. I wouldn't worry about it. If you
want to creat a servlet mapping that grabs these requests and then pipes
them off into the lala land of the never-ending-connection, please do.
It would help
Users List [EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 2:08 PM
Subject: RE: [OT] Some one executing windows commands in Tomcat 4.1.18.
There is someone from xx.xx.xx.xx trying to use an IIS
vulnerability. If it's realy intranet your admin should
have a look at the offending pc if it is infected