note on security paranoia [wasRe: [oclug]Apache Logs]
Dave O'Neill
dmo at acm.org
Wed Oct 30 14:33:42 EST 2002
On Wed, Oct 30, 2002 at 02:12:47PM -0500, Shad Young wrote:
[ snip ]
> 1) Lack of consistency. Logger is often fooled by external protocols.
> 2) Lack of understanding of non-Linux protocols. In your particular case, as
> I watch the flood of misinformation come in, the lack of understanding of MS
> FrontPage's .net extensions and other non-Linux RPC get said protocols
> labeled as hack attempts.
Uh, no. Requests for
/var/www/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
are the product of one of the recent worm attacks on IIS. There are many
infected boxes still out there spewing this attack around.
-dave0
--
('>
//\ dmo at acm dot org
v_/_
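
Added example, not part of the original message: a small Python classifier that separates FrontPage client requests from the encoded-backslash traversal request quoted above when reading an Apache access log. The log lines, the documentation IP addresses and the function names are constructed for illustration; the traversal path is the one from the message.

```python
import re
from urllib.parse import unquote

# Matches: client IP, method, request path and status of a common/combined log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP addresses, not real hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [30/Oct/2002:14:01:07 -0500] "GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe HTTP/1.0" 404 296
192.0.2.44 - - [30/Oct/2002:14:02:11 -0500] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 290
192.0.2.44 - - [30/Oct/2002:14:02:12 -0500] "GET /_vti_inf.html HTTP/1.1" 404 284
192.0.2.77 - - [30/Oct/2002:14:05:00 -0500] "GET /index.html HTTP/1.1" 200 1024
"""

def normalize(raw_path):
    """Drop the query string, percent-decode until stable, unify separators."""
    path = raw_path.split("?", 1)[0]
    for _ in range(3):  # bounded, so nested encoding cannot loop forever
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # %5c decodes to a backslash, which IIS treats as a path separator.
    return path.replace("\\", "/").lower()

def classify(raw_path):
    """Label a request path: worm probe, FrontPage client traffic, or other."""
    path = normalize(raw_path)
    segments = path.split("/")
    traversal = ".." in segments
    windows_target = segments[-1] == "cmd.exe" or "winnt" in segments
    if traversal and windows_target:
        return "iis-worm-probe"
    if not traversal and (path.startswith("/_vti_bin/") or path == "/_vti_inf.html"):
        return "frontpage-client"
    return "other"

def scan(log_text):
    """Return (client_ip, label, status) for every parseable log line."""
    results = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if match:
            ip, _method, path, status = match.groups()
            results.append((ip, classify(path), int(status)))
    return results

if __name__ == "__main__":
    for ip, label, status in scan(SAMPLE_LOG):
        print(f"{ip:<12} {status} {label}")
```

A 404 next to the probe label means the request found nothing to run on this server; the source address is still worth noting as a likely infected host.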