[TriLUG] deciphering access logs
Andy Naylor
anaylor at nc.rr.com
Thu Jan 3 19:37:51 EST 2002
According to articles on Google Groups, I'm getting hit by Code Red probes.
<snip>Nimda worm probes .. you're safe with Apache</snip>
-----Original Message-----
From: trilug-admin at trilug.org [mailto:trilug-admin at trilug.org] On Behalf Of John Beimler
Sent: Thursday, January 03, 2002 7:24 PM
To: trilug at trilug.org
Subject: Re: [TriLUG] deciphering access logs
quotation from Andy Naylor <anaylor at nc.rr.com> [on 020103 19:13]::
> Could anyone point me to some help on decoding access logs?
>
> ny-lancaster1b-393.buf.adelphia.net - - [01/Jan/2002:12:26:04 -0500]
> "GET/MSADC/root.exe?/c+dir HTTP/1.0" 404 314 "-" "-"
>
Someone on Adelphia's cable network thinks you are running Windows and
is trying a number of Windows exploits. You can poke around at
securityfocus.com and search on some of the URLs and turn up what
exploit they are trying, but most likely they are looking for computers
that are still infected with some sort of CodeRed (boy am I glad that's
gone.)
Peace.
john
_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
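An added example, not part of the original thread: a short Python decoder for the Apache combined log format, run over the line quoted in the message above. The rule that flags a request for a `.exe` path with a `?/c+` argument is a heuristic assumed here, and the second log line is constructed for contrast.

```python
import re
from datetime import datetime

# Combined format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# The space after the method is optional because the line quoted in the
# thread reads "GET/MSADC/..." with no separator.
REQUEST = re.compile(r'(?P<method>[A-Z]+) ?(?P<target>/\S*)')
WINDOWS_EXE = re.compile(r'\.exe$', re.IGNORECASE)

def decode(line):
    """Split one access-log line into named fields, or return None."""
    m = COMBINED.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    req = REQUEST.match(rec["request"])
    rec["method"] = req.group("method") if req else None
    target = req.group("target") if req else ""
    rec["path"], _, rec["query"] = target.partition("?")
    # Assumed heuristic: a Windows executable asked to run a command ("/c ...").
    rec["windows_probe"] = (bool(WINDOWS_EXE.search(rec["path"]))
                            and rec["query"].startswith("/c+"))
    # 4xx/5xx means the server did not serve the requested resource.
    rec["served"] = rec["status"] < 400
    return rec

SAMPLE = [
    # Line from the thread, with the mail client's line wrap removed.
    'ny-lancaster1b-393.buf.adelphia.net - - [01/Jan/2002:12:26:04 -0500] '
    '"GET/MSADC/root.exe?/c+dir HTTP/1.0" 404 314 "-" "-"',
    # Constructed benign request for comparison.
    '192.0.2.10 - - [01/Jan/2002:12:27:10 -0500] '
    '"GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        r = decode(entry)
        kind = "windows probe" if r["windows_probe"] else "normal"
        print(r["host"], r["time"].isoformat(), r["path"], r["status"], kind,
              "served" if r["served"] else "not served")
```

For the line from the thread, the 404 status and the 314-byte body are the error page Apache returned, so the probe found nothing to run.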