I really doubt this is an intentional attack. This looks like what the Windows virus Nimda does when looking for targets. I used to have a cron job on a webserver at work that would collect the IPs and send them to our Windows IT group to fix.
Garl

> -----Original Message-----
> From: Linux Rocks ! [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 20, 2003 8:23 PM
> To: [EMAIL PROTECTED]
> Subject: [eug-lug]webserver logs...
>
>
> so... I've noticed this before in my webserver logs...
> 68.50.124.251 - - [20/Nov/2003:23:07:12 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
>
> so... looks like someone is scanning for a winnt based server they can exploit
> to me.. anyway, obviously it's not an actual problem, but I figured maybe some
> of you have had similar issues, and come up with creative solutions... like
> with ip tables or something :)
>
> Jamie
>
> --
> It's a bird..
> It's a plane..
> No, it's KernelMan, faster than a speeding bullet, to your rescue.
> Doing new kernel versions in under 5 seconds flat..
> -- Linus, in the announcement for 1.3.27
>
> _______________________________________________
> EuG-LUG mailing list
> [EMAIL PROTECTED]
> http://mailman.efn.org/cgi-bin/listinfo/eug-lug
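
Added example, not part of the original thread and not either poster's code: one way to do the IP collection the reply describes, written in Python. The function names, the list of probed file names and every sample line except the one quoted in the thread are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common log format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+')
# Windows-only file names a scanner asks for (assumed list, extend as needed).
WIN_SHELL_RE = re.compile(r'(cmd|root)\.exe', re.IGNORECASE)

def fully_decode(path, max_rounds=5):
    # Percent-decode until stable, so double encodings such as
    # "%%35c" -> "%5c" -> backslash are normalised before matching.
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_probe(request):
    # The request line is "METHOD target PROTOCOL"; inspect the target only.
    parts = request.split(" ")
    if len(parts) < 2:
        return False
    target = fully_decode(parts[1]).replace("\\", "/")
    return "../" in target or bool(WIN_SHELL_RE.search(target))

def collect_probe_ips(lines):
    # Map each source address to the number of probe requests it sent.
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m.group(2)):
            hits[m.group(1)] += 1
    return hits

# First line is the entry quoted in the thread; the others are constructed
# samples using documentation address ranges.
SAMPLE = [
    '68.50.124.251 - - [20/Nov/2003:23:07:12 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292',
    '192.0.2.10 - - [20/Nov/2003:23:08:01 -0500] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [20/Nov/2003:23:09:30 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280',
    '198.51.100.7 - - [20/Nov/2003:23:09:31 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294',
]

if __name__ == "__main__":
    for ip, count in collect_probe_ips(SAMPLE).most_common():
        print(ip, count)
```

Run from cron against the access log, the printed address list is what would be forwarded to whoever owns the infected hosts.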