[TriLUG] deciphering access logs

Brent Verner brent at rcfile.org
Thu Jan 3 20:03:11 EST 2002


[2002-01-03 19:23] John Beimler said:
| quotation from Andy Naylor <anaylor at nc.rr.com> [on 020103 19:13]::
| 
| > Could anyone point me to some help on decoding access logs?
| > 
| > ny-lancaster1b-393.buf.adelphia.net - - [01/Jan/2002:12:26:04 -0500]
| > "GET/MSADC/root.exe?/c+dir HTTP/1.0" 404 314 "-" "-"
| > 
| someone on Adelphia's cable network thinks you are running Windows and 
| is trying a number of Windows exploits.  You can poke around at 
| securityfocus.com and search on some of the URLs and turn up what 
| exploit they are trying, but most likely they are looking for computers 
| that are still infected with some sort of CodeRed (boy am I glad that's 
| gone.)

Not near gone, from my POV. I get about 200 bunk requests from infected
Windows machines every /day/ on my cable connection.  The only way it 
will ever be "gone" is if we finally get rid of software from that shining
beacon of quality and goodness from the north west :-\

On a side note, I wonder if we could all get together and file a class
action suit against Microsoft for bandwidth consumption due to their
negligence?

cheers.
  b

-- 
"Develop your talent, man, and leave the world something. Records are 
really gifts from people. To think that an artist would love you enough
to share his music with anyone is a beautiful thing."  -- Duane Allman
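
An added example, not part of the original message: a small Python parser for the access-log line quoted above that tallies, per day and host, requests for Windows executables the server answered with 404. The regex tolerates the missing space after GET seen in the quoted line; the `.exe`-plus-404 heuristic, the function names, and the second and third sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, unquote_plus

# Apache combined log format. \s* after the method tolerates the missing
# space seen in the line quoted in this thread ("GET/MSADC/...").
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+)\s*(?P<target>/\S*) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse(line):
    """Return host, day, decoded path/query and status, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    return {
        "host": m.group("host"),
        "day": m.group("day"),
        "path": unquote(path),
        "query": unquote_plus(query),  # '+' in a query string means space
        "status": int(m.group("status")),
    }

def is_windows_probe(rec):
    # Heuristic (assumption, not from the thread): a request for a Windows
    # executable that this server does not have, hence the 404.
    return rec["status"] == 404 and rec["path"].lower().endswith(".exe")

def probes_per_day(lines):
    """Count probe requests keyed by (day, host)."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and is_windows_probe(rec):
            counts[(rec["day"], rec["host"])] += 1
    return counts

# First line is the one quoted in the thread (rejoined onto one line);
# the other two are constructed sample input.
SAMPLE = [
    'ny-lancaster1b-393.buf.adelphia.net - - [01/Jan/2002:12:26:04 -0500] "GET/MSADC/root.exe?/c+dir HTTP/1.0" 404 314 "-" "-"',
    'client1.example.net - - [01/Jan/2002:12:30:10 -0500] "GET /index.html HTTP/1.0" 200 1042 "-" "Mozilla/4.0"',
    'ny-lancaster1b-393.buf.adelphia.net - - [01/Jan/2002:12:26:05 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 314 "-" "-"',
]

if __name__ == "__main__":
    for (day, host), n in sorted(probes_per_day(SAMPLE).items()):
        print(day, host, n)
```
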


