[TriLUG] deciphering access logs
John Beimler
john at radiomind.com
Thu Jan 3 19:23:59 EST 2002
quotation from Andy Naylor <anaylor at nc.rr.com> [on 020103 19:13]::
> Could anyone point me to some help on decoding access logs?
>
> ny-lancaster1b-393.buf.adelphia.net - - [01/Jan/2002:12:26:04 -0500]
> "GET/MSADC/root.exe?/c+dir HTTP/1.0" 404 314 "-" "-"
>
Someone on Adelphia's cable network thinks you are running Windows and
is trying a number of Windows exploits. You can poke around at
securityfocus.com and search on some of the URLs and turn up what
exploit they are trying, but most likely they are looking for computers
that are still infected with some sort of CodeRed (boy am I glad that's
gone.)
Peace.
john
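
Added example, not part of the original thread: a Python parser for combined-format access-log lines like the one quoted above. It labels requests for a few well-known IIS worm probe paths and separates probes answered with an error from any that were actually served. The signature list is an illustrative assumption, and every sample line except the first (taken from the question) is constructed.

```python
import re
from collections import Counter

# host ident user [time] "request" status bytes ...
# \s* after the method tolerates the missing space seen in the archived line.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+)\s*(?P<target>/\S*)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Illustrative signatures (assumption: not an exhaustive list).
PROBES = [
    ("root.exe backdoor probe", re.compile(r'/root\.exe\?', re.I)),
    ("cmd.exe probe", re.compile(r'/cmd\.exe\?', re.I)),
    ("default.ida probe", re.compile(r'/default\.ida\?', re.I)),
]

def classify(line):
    """Parse one log line; return None if it is not in the expected format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    label = next((n for n, rx in PROBES if rx.search(m["target"])), None)
    status = int(m["status"])
    # A 404 means the probed file does not exist; a 2xx on a probe needs a look.
    served = label is not None and 200 <= status < 300
    return {"host": m["host"], "time": m["time"], "target": m["target"],
            "status": status, "probe": label, "served": served}

def summarize(lines):
    """Return (probe count per host, hosts whose probes were served)."""
    hits, served = Counter(), []
    for rec in filter(None, map(classify, lines)):
        if rec["probe"]:
            hits[rec["host"]] += 1
            if rec["served"]:
                served.append(rec["host"])
    return hits, served

SAMPLE = [  # first line from the question; the rest are constructed
    'ny-lancaster1b-393.buf.adelphia.net - - [01/Jan/2002:12:26:04 -0500] "GET/MSADC/root.exe?/c+dir HTTP/1.0" 404 314 "-" "-"',
    '192.0.2.10 - - [01/Jan/2002:12:26:05 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 314 "-" "-"',
    '192.0.2.10 - - [01/Jan/2002:12:27:00 -0500] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
    '192.0.2.77 - - [01/Jan/2002:12:30:11 -0500] "GET /default.ida?XXXX HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On an Apache host every such probe should show a 4xx status, as in the quoted line; only the `served` list calls for follow-up.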