
Re: iptables filtering rules



The entries you are seeing are caused by the army of infected MS IIS servers
(Code Red, Nimda, etc.) trying to hack into other IIS servers at random. I see
these on every web server I manage that isn't behind a firewall (i.e.,
blocking port 80).

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: andrewt@cnl.com.au
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

----- Original Message -----
From: "Luiz Carlos Santos de Alencar" <luiz@infoporto.com.br>
To: <debian-security@lists.debian.org>
Sent: Friday, April 26, 2002 12:50 PM
Subject: Re: iptables filtering rules


> Andras GALAMBOSI wrote:
>
> > Hello all,
> >
> > ...
> > as the webserver is an ii$, I am sure, that some firewall rules must be set
> > up for these two ports. The access.log shows, that is a MUST:
> > GET /scripts/root.exe?/c+dir HTTP/1.0
> > GET /MSADC/root.exe?/c+dir HTTP/1.0
> > GET /c/winnt/system32/cmd.exe?/...
>
> Hi
>
> I've found entries like this in the log of a site recently migrated
> from an NT to a BeOS box; probably due to the old structure of some
> web pages still dependent on M$ typical server extensions, in my
> situation.
>
> --- Luiz
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
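
Added example, not part of the original thread: a small Python triage script that counts worm-style probes in a Common Log Format access.log, groups them by source, and lists any that got a 2xx response instead of an error. The root.exe and cmd.exe signatures come from the requests quoted above; the default.ida signature (the request Code Red sends) and all sample log lines are added assumptions, constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Request-path signatures. root.exe and cmd.exe are taken from the requests
# quoted in the thread; default.ida (the Code Red request) is added here.
SIGNATURES = [
    ("root.exe", re.compile(r"/(?:scripts|msadc)/root\.exe", re.I)),
    ("cmd.exe", re.compile(r"/cmd\.exe", re.I)),
    ("default.ida", re.compile(r"/default\.ida\?", re.I)),
]

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

def classify(path):
    """Return the name of the first matching signature, or None."""
    for name, rx in SIGNATURES:
        if rx.search(path):
            return name
    return None

def summarize(lines):
    """Return (hits per signature, signatures per source, probes answered 2xx)."""
    hits, sources, served = Counter(), defaultdict(set), []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable CLF line
        host, path, status = m.groups()
        sig = classify(path)
        if sig is None:
            continue  # ordinary request
        hits[sig] += 1
        sources[host].add(sig)
        if status.startswith("2"):
            served.append((host, path))  # probe was answered: look closer
    return hits, sources, served

# Constructed sample lines (documentation address ranges, invented timestamps).
SAMPLE = [
    '192.0.2.10 - - [26/Apr/2002:12:01:07 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [26/Apr/2002:12:01:08 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '192.0.2.10 - - [26/Apr/2002:12:01:09 +0000] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 290',
    '198.51.100.7 - - [26/Apr/2002:12:05:40 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270',
    '203.0.113.5 - - [26/Apr/2002:12:06:02 +0000] "GET /index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [26/Apr/2002:12:07:15 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 1432',
]

if __name__ == "__main__":
    hits, sources, served = summarize(SAMPLE)
    print(dict(hits), {h: sorted(s) for h, s in sources.items()}, served)
```

Probes answered with 404 are background noise from infected hosts; an entry in the third result means the server returned content for a probe path and deserves a closer look.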

