
Re: strange cmd.exe access

From: H Carvey <keydet89(at)yahoo.com>
Date: Fri May 30 2003 - 18:45:26 EDT
In-Reply-To: <Pine.LNX.4.21.0305292008410.9010-100000@fist.ipdog.com>

>what is strange is that the cmd.exe / root.exe stuff is

It doesn't look at all as if you received an HTTP request, but as if some code was sent to port 80.

>the ip it hit was not mapped to anything ( I believe it

This doesn't make any sense...it has to be mapped to something, to a live machine. If it wasn't, how could the three-stage TCP handshake have been completed?

As someone else mentioned, it may be a follow-on packet to Code Red. Have you gone to this machine and checked the logs?

Harlan



Received on Mon Jun 2 00:59:01 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:06 EDT

