Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 02 > 120182.html (Request Expert securityfocus.com Support)

RE: A small quandary

From: Jerry Shenk <jshenk(at)decommunications.com>
Date: Fri Dec 06 2002 - 08:35:36 EST


Those 'attacks' are all fairly common of scripted attacks, trojans, etc. If you know that this traffic is coming from this 'hostile' business acquanitance (how do you know that?), then perhaps it's worth keeping track of. If HBA has a static address, then it might be worth scanning the logs to see what other pages he's tried to get to. It might also be interesting to check the times on the 'attacks' - if the times are very fast, then it's possible he's using an attack tool or perhaps he's become the unwitting host to a hostile trojan.

I'd hang onto the information so that if this does end up being an actual attack you'll have evidence to support your accusation but I don't think you have enough yet. There are too many logical explanations for this traffic.

-----Original Message-----
From: Mahoney, Paul [mailto:paul@fiberstarr.com] Sent: Wednesday, December 04, 2002 11:30 PM To: incidents@securityfocus.com
Subject: A small quandary

Hi all,

I have in my possession a log file that implicates a business acquaintance, who to say the least, might have the attitude to mount an offensive.

The log file contains many entries like:-

404

/cgi-bin/publisher/search.cgi?dir=jobs&template=;cat+/etc/passwd|&output
_number=10
/perl/ 1 -

Do you need help?X

My question to everyone out there is would anyone be able to tell me if this kind of attack has the fingerprints of any known software/viruses in the field or is it a deliberate attempt to gain access to my clients site?

Your thoughts are welcomed

Paul Mahoney
Director
FiberStarr Systems
www.fiberstarr.com


This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Sun Dec 8 22:31:19 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:52 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library