[CLUE-Tech] What would you all make of this?
Mike Staver
staver at fimble.com
Mon Dec 17 22:02:24 MST 2001
I'm definitely not saying your ISP is not secure, it really has nothing
to do with security, unless you're using Windows NT that is :) I can
show you any webserver on our network, or any other network that I have
access to, that has a webserver running - yet no pages on it at all.
The logs are filled with junk from the worms all over the world on NT
boxes trying to get to certain Windows web server files. The worm
simply tries to buffer overflow some files through port 80, so unless
you're doing something special at the router level to block that traffic
(I have no idea if that's even possible), I'm willing to bet that all
your traffic being logged is from those worms. I had a good laugh the
other day when I saw in my logs that indianajones.com was trying to
spread the worm onto my unaffected Linux web server! I tried contacting
Lucasfilm to tell them, but for some odd reason, they didn't post a
phone number on their site that goes directly to their webmaster or
server admins ;)
Kevin Cullis wrote:
>
> Mike,
>
> I don't have access to the server, but I know it's secure, my ISP is a
> GREAT ISP!!!! I'm just curious about this data that I have access to.
> Thanks for the comments.
>
> Kevin
>
> Mike Staver wrote:
> >
> > Without any more info... I would have to say the stupid Code Red/Nimda
> > worm is simply trying to access your site. We'd easily be able to tell
> > you if you send snippets from the logs, or take screen shots of
> > http://yourserver/server-status or something like that. Is that
> > possible for you to do? It seems pretty obvious to me seeing that each
> > host has hit your server 2001 times each, and you have nothing there but
> > a "temp" page.
> >
> > Kevin Cullis wrote:
> > >
> > > Hi all,
> > >
> > > Here's the stats from my web site, which currently only has a holder
> > > page on it, but here's the data from the web stats program:
> > >
> > > ---------
> > >
> > > Have I been tried to be hacked, at least for the most part?
> > >
> > > Kevin
> > > _______________________________________________
> > > CLUE-Tech mailing list
> > > CLUE-Tech at clue.denver.co.us
> > > http://clue.denver.co.us/mailman/listinfo/clue-tech
> >
> > --
> >
> > -Mike Staver
> > staver at fimble.com
> > mstaver at globaltaxnetwork.com
> > http://www.fimble.com/staver
>
> --
>
> "Success is never final, failure is never fatal" - Kevin Cullis
> ---
> Kevin Cullis
> kcullis at coloradoexcellence.org
> 303-893-CPEX (2739)
> Colorado Performance Excellence, Inc
> http://www.coloradoexcellence.org
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
http://www.fimble.com/staver
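
The log check suggested in this thread (looking at the raw requests rather than the per-host stats) can be done mechanically. The following is an added example, not part of the original messages: it assumes Apache Common Log Format, uses the publicly documented Code Red and Nimda request paths as signatures, and runs on constructed sample lines.

```python
import re
from collections import Counter

# Request-path fragments publicly documented for the 2001 IIS worms.
SIGNATURES = {
    "code-red": re.compile(r"/default\.ida\?", re.I),
    "nimda": re.compile(r"(?:cmd|root)\.exe\?", re.I),
}
# Assumed input: Apache Common Log Format
# host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) (\S+)$')

def classify(request):
    """Return the worm family whose signature the request target matches, else None."""
    parts = request.split(" ")
    target = parts[1] if len(parts) > 1 else request
    for family, pattern in SIGNATURES.items():
        if pattern.search(target):
            return family
    return None

def summarize(lines):
    """Return (probes per (host, family), other hits per host, unparsable line count)."""
    probes, other, bad = Counter(), Counter(), 0
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            bad += 1
            continue
        host, request = m.group(1), m.group(2)
        family = classify(request)
        if family:
            probes[(host, family)] += 1
        else:
            other[host] += 1
    return probes, other, bad

# Constructed sample lines; hosts use the reserved .example TLD, padding is truncated.
SAMPLE = [
    'dsl-1.isp.example - - [02/Dec/2001:10:35:35 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276',
    'cable-7.isp.example - - [02/Dec/2001:10:49:01 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283',
    'cable-7.isp.example - - [02/Dec/2001:10:49:02 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    'proxy.isp.example - - [02/Dec/2001:12:27:17 -0700] "GET / HTTP/1.0" 200 1024',
    'dial-3.isp.example - - [02/Dec/2001:12:30:00 -0700] "-" 408 -',
    'this line is not in common log format',
]

if __name__ == "__main__":
    probes, other, bad = summarize(SAMPLE)
    for (host, family), n in probes.most_common():
        print(f"{n:3d} {family:9s} {host}")
    print(f"other hosts: {dict(other)}  unparsable lines: {bad}")
```

On a server that is not IIS these requests return 404, so the counts measure background scanning noise rather than a compromise.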