[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Strange httpd/access_log entry

To: silug-discuss@silug.org
Subject: Re: Strange httpd/access_log entry
From: wllmundrwd@netscape.net (William Underwood)
Date: Thu, 11 Apr 2002 13:33:54 -0400
Organization: Southern Illinois Linux Users Group
Reply-To: silug-discuss@silug.org
Sender: silug-discuss-owner@silug.org

>-----Original Message-----
>From: Gary [mailto:medmanks@mcleodusa.net]
>Sent: Thursday, April 11, 2002 12:20 PM
>To: silug-discuss@silug.org
>Subject: Re: Strange httpd/access_log entry
>
>
>On Thu, Apr 11, 2002 at 01:07:51PM -0400 or thereabouts, William Underwood wrote:
>Hi William...haven't talked to you since the meeting..
>> Inline....
>
>sorry, I'll try, or maybe next time send as an attached txt file.
He-heh, sorry.  I was just indicating that my comments were inline, as opposed to stuck at the top, or bottom, of my reply email.

>> >Can anyone help me out here...
>> >
>> >I found these entries, is someone trying to hack me?
>> Yes, but don't worry, they're looking for an unpatched MS IIS server
>
>Jerk
Eh... Probably either a script-kiddie, or a runaway bot...

>> >What is really weird is in a browser, if I type file://64.163.212.171/
>> >I get the entire listing for my HD
>> Is that your IP, or someone else's?  And is your client a Windows box, or Linux, or what?
>No, that is a pacbell address invader... not, mine... 
Hmm.. Well, pacbell has a lot of DSL users, and that IP is one of them.  Chances are, it's some idiots box, totally unpatched, with a run away Nimda going... 

>I'm using RH 7.2
Oooh.. you're sooo kewl!  ;-)  Do the browser and platform you're using support the file: protocol?  

>This guy ain't too smart.. I did a cursory nmap on him 
Neither is that... Never nmap a host that's not yours.. Just send your logs to pacbells security contact.

> and found a lot of ports open on him, including IRC.. a real no-no...
>
>What I cannot figure out is how, in Mozilla, if I type in
>
>file://64.163.212.171/
>
>I get a entire HD listing of my HD..
See my comment above...

>--
>Best regards,
>Gary
>
>Today's thought: Try to relax and enjoy the crisis.
Yeah, sure...

William

-- 
William Underwood
wllmundrwd@netscape.net



__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

Follow-Ups:
- Re: Strange httpd/access_log entry
  - From: Gary <medmanks@mcleodusa.net>

Prev by Date: Re: Strange httpd/access_log entry
Next by Date: Re: Strange httpd/access_log entry
Prev by thread: Re: Strange httpd/access_log entry
Next by thread: Re: Strange httpd/access_log entry
Index(es):
- Date
- Thread