Emperor wrote:
> Hmm.... Here is the log

Sorry to disappoint you, that is a standard bot that scours anything that can be resolved. My guess is for vulnerable systems. It is quite interesting as those types of requests will only work on IIS/NT based systems.

I received a number of requests like that when I was helping a company migrate their webapp from three machines to one. (Can I give you a hint: never put full address resolution if you expect to move an app later).

> I tested my async this afternoon by connecting to www.google.de and
> sending a standard request (on both port 80 and 5485 - to test correct
> and incorrect requests). Due to typos my first request strings weren't
> correct. I had a serversocket running on port 80, too. After a while...
> I began to get suspicious requests on my serversocket ;) like these:
>
> connection to 217.81.232.195:2302 received "GET /MSADC/root.exe?/c+dir HTTP/1.0
> connection to 217.81.232.195:2441 received "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
> connection to 217.81.232.195:2568 received "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0
> connection to 217.81.232.195:2954 received "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
>
> Pretty funny... as my server didn't answer to requests ;) I think there
> was someone @ google trying to find out who I am ;) I tried a reverse
> hostname lookup but it didn't give interesting results ;)
>
> Look at the log ;) pretty cool.
>
> Nils

--
"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin
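Added example, not part of the original thread: a small Python classifier for log lines in the format quoted above. It flags requests that target the Windows executables seen in the log, that use directory traversal, or that hide the traversal behind double percent-encoding (%255c). The function names and the last sample line (source 192.0.2.10) are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Line shape from the quoted log: connection to IP:PORT received "METHOD TARGET HTTP/x
LINE_RE = re.compile(r'connection to ([\d.]+):(\d+) received "[A-Z]+ (\S+) HTTP/')
WINDOWS_TARGETS = ("cmd.exe", "root.exe")  # executables requested in the quoted log

def fully_decode(target, max_rounds=5):
    """Percent-decode until stable; return (decoded text, rounds that changed it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(target)
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target, rounds

def classify(line):
    """Return source, decoded target and reasons for one log line, or None if unparsable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ip, port, target = m.groups()
    decoded, rounds = fully_decode(target)
    # IIS accepts backslashes as separators, so normalise before matching
    normalized = decoded.replace("\\", "/").lower()
    path = normalized.split("?", 1)[0]
    reasons = []
    if any(path.endswith("/" + name) for name in WINDOWS_TARGETS):
        reasons.append("windows-executable")
    if "../" in path:
        reasons.append("path-traversal")
    if rounds > 1:  # %255c -> %5c -> backslash needs two decoding passes
        reasons.append("double-encoding")
    return {"src": ip, "port": int(port), "target": decoded, "reasons": reasons}

def summarize(lines):
    """Count flagged requests per source address."""
    hits = {}
    for result in filter(None, map(classify, lines)):
        if result["reasons"]:
            hits[result["src"]] = hits.get(result["src"], 0) + 1
    return hits

SAMPLE = [  # first four lines are from the quoted log; the last one is constructed
    'connection to 217.81.232.195:2302 received "GET /MSADC/root.exe?/c+dir HTTP/1.0',
    'connection to 217.81.232.195:2441 received "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0',
    'connection to 217.81.232.195:2568 received "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0',
    'connection to 217.81.232.195:2954 received "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0',
    'connection to 192.0.2.10:40000 received "GET /index.html HTTP/1.0',
]
```

Calling summarize(SAMPLE) attributes all four flagged requests to the single scanning address and leaves the constructed benign request uncounted.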
