RE: attempted exploits

2002-03-24 Thread Jesse Geddis

rotflol, I called the guy who owned this box (hit their web server got
their phone number phone menus etc) and it was hilarious. I told him
either someone is at his office screwing around or his box has been
compromised. I portscanned his box and noticed how wide open it was so
this was the assumption I followed. on top of the fact that I am not
on his broadcast domain so it's not regular windows NETBIOS Spam.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jarrod Sayers
Sent: Sunday, March 24, 2002 9:58 PM
To: '[EMAIL PROTECTED]'; FreeBSD-STABLE
Subject: RE: attempted exploits


Welcome back Nimda!  We have noticed a sharp rise in the number of
attacks starting over the weekend here.

Jarrod Sayers
Information Technology Services Unit
University of South Australia, Magill Campus.
Phone: +61 8 8302 4809
http://people.unisa.edu.au/jarrod.sayers


> -Original Message-
> From: Jesse Geddis [mailto:[EMAIL PROTECTED]]
> Sent: Monday, 25 March 2002 4:23 PM
> To: FreeBSD-STABLE
> Subject: attempted exploits
>
>
> wow, this person is quite effective. they've been trying this since
> this morning 4mins after i got my web server up. been doing it every
> half hour for 7 hours lol. trying to execute arbitrary Windows code
> on a FreeBSD server!
>
> [Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe
> [Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..À¯../winnt/system32/cmd.exe
> [Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe
> [Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
> [Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/root.exe
> [Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/MSADC/root.exe
> [Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/c/winnt/system32/cmd.exe
> [Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/d/winnt/system32/cmd.exe
> [Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
> [Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> [Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> [Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
>
> Jesse Geddis
>
>
>
> "My fellow Americans, I've signed legislation that will outlaw
> Russia forever. We begin bombing in five minutes."
> --Ronald Reagan
>
>
> _
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-stable" in the body of the message
>
>
>




attempted exploits

2002-03-24 Thread Jesse Geddis

wow, this person is quite effective. they've been trying this since
this morning 4mins after i got my web server up. been doing it every
half hour for 7 hours lol. trying to execute arbitrary Windows code on
a FreeBSD server!

[Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe
[Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..À¯../winnt/system32/cmd.exe
[Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe
[Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
[Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/root.exe
[Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/MSADC/root.exe
[Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/c/winnt/system32/cmd.exe
[Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/d/winnt/system32/cmd.exe
[Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
[Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe

Jesse Geddis



"My fellow Americans, I've signed legislation that will outlaw Russia
forever. We begin bombing in five minutes."
--Ronald Reagan
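
Added example, not part of the original post or the thread: a short Python triage script for Apache error-log entries of the kind posted above, which separates requests for Windows/IIS-only targets from ordinary missing files and summarizes them per client. The function name, the `min_hits` threshold, the client addresses and the document root in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Apache error-log format shown in the post.
# Client addresses and the document root are placeholders, not values from the thread.
SAMPLE_LOG = """\
[Sun Mar 24 20:41:55 2002] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/scripts/..%5c../winnt/system32/cmd.exe
[Sun Mar 24 20:42:05 2002] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/scripts/root.exe
[Sun Mar 24 20:42:10 2002] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/_vti_bin/..%5c../..%5c../winnt/system32/cmd.exe
[Sun Mar 24 20:50:00 2002] [error] [client 198.51.100.7] File does not exist: /usr/local/www/data/favicon.ico
[Sun Mar 24 21:13:13 2002] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/c/winnt/system32/cmd.exe
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)
# Requests for Windows/IIS-only targets: they can never resolve on a Unix host,
# so any hit is scanner or worm traffic rather than a mistyped URL.
PROBE_RE = re.compile(
    r"(?:/(?:cmd|root)\.exe$|\.\.%5c|/winnt/system32/|/(?:_vti_bin|_mem_bin|msadc)/)",
    re.IGNORECASE,
)

def summarize_probes(log_text, min_hits=3):
    """Return {client_ip: summary} for clients with >= min_hits IIS-style probes."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not PROBE_RE.search(m["path"]):
            continue  # not a "File does not exist" entry, or an ordinary missing file
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        hits[m["ip"]].append((ts, m["path"]))
    report = {}
    for ip, events in hits.items():
        if len(events) < min_hits:
            continue
        times = sorted(ts for ts, _ in events)
        report[ip] = {
            "hits": len(events),
            "first": times[0],
            "last": times[-1],
            "span_minutes": (times[-1] - times[0]).total_seconds() / 60,
            "targets": sorted({p.rsplit("/", 1)[-1].lower() for _, p in events}),
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize_probes(SAMPLE_LOG).items():
        print(ip, info["hits"], "probes over", round(info["span_minutes"]), "min", info["targets"])
```

The script expects one log entry per line, so entries wrapped by a mail client (as in the post) need to be rejoined first.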





RE: top wrong again?

2002-03-24 Thread Jesse Geddis

was only the ppl in the original to: and cc: fields who did.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Dave Uhring
Sent: Sunday, March 24, 2002 4:17 PM
To: [EMAIL PROTECTED]; Jonathan Chen
Cc: Kris Kennaway; [EMAIL PROTECTED]
Subject: Re: top wrong again?


On Sunday 24 March 2002 05:10 pm, Jesse Geddis wrote:
> holy spam batman! it looks like majordomo is resending old messages.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dave Uhring
> Sent: Thursday, March 14, 2002 9:56 PM
> To: [EMAIL PROTECTED]; Jonathan Chen
> Cc: Kris Kennaway; [EMAIL PROTECTED]
> Subject: Re: top wrong again?
>
> On Thursday 14 March 2002 23:38, Jesse Geddis wrote:
> > here, different machine while compiling the kernel. maybe this is
> > more along the lines of the original email:
> >
> > With 90% idle, I'd expect to see most of your process running 0%;
> > so there doesn't appear to be anything wrong with your top output.
>
> OK, then try this one.  I'm running make buildworld on a 4.5-RELEASE
> system with sources CVSup'd about 1/2 hour ago.
>

I didn't receive that one again.  How come other people got it??




RE: ha!

2002-03-15 Thread Jesse Geddis

yea, they got a MS one too and some university ones, but the BSD one
was the only good one =) works too lol. they seem to be a linux shop
unfortunately. someone needs to go to work on them methinks.

-Original Message-
From: Chad Leigh -- Shire.Net LLC [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 8:21 AM
To: [EMAIL PROTECTED]
Cc: FreeBSD-STABLE
Subject: Re: ha!



On Friday, March 15, 2002, at 11:20 , Jesse Geddis wrote:

> Never knew google had this, lol. I love that little Daemon =)
>
> http://www.google.com/bsd

Interesting.  They also have

http://www.google.com/linux
http://www.google.com/mac

I wonder how many more of these there are.

Chad







ha!

2002-03-15 Thread Jesse Geddis

Never knew google had this, lol. I love that little Daemon =)

http://www.google.com/bsd
