>because I'm running Linux

Pete - I'm sure you are well patched, but to others, some of these scripts
are more nix related:

/cgi-bin/formmail.pl
/cgi-bin/formmail.cgi
/cgi-bin/phf
/cgi-bin/php.cgi
/cgi-bin/aglimpse
/cgi-bin/campas
/cgi-bin/mailto.pl
/cgi-bin/Count.cgi
/cgi-bin/handler
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/faxsurvey
/cgi-bin/htmlscript
/cgi-bin/pfdisplay.cgi
/cgi-bin/perl.exe
/cgi-bin/wwwboard.pl
/cgi-dos/uploader.exe
/cgi-win/uploader.exe

from www.incidents.org - the currently most scanned ports:

Top Attacked Ports
netbios-ns      137
http            80
ms-sql-s        1433
ftp             21
smtp            25
netbios-ssn     139
microsoft-ds    445
edonkey         4665
sa-msg-port     1646
???             4662

Trends
4668    Backdoor-AML-SMTP
4672    rfa
69      BackGate
6257    WinMX
4661    eDonkey2000
1812    radius
137     netbios-ns
80      www
1214    Grokster
6346    BearShare
4665    eDonkey2000

jim

----- Original Message -----
From: "Pete Hall" <pbhall@ameritech.net>
To: <midrange-l@midrange.com>
Sent: Wednesday, December 04, 2002 7:58 PM
Subject: Re: Remote Access (Again)

> At 11:16 12/04/2002, Jim Franz wrote:
> >just for fun - this is an automated script attack against port 80
> >http server. Took 6 seconds) I get 10-20 a day from different ip's. All
> >automated.
>
> I recently opened up port 80 on my firewall for a short term project, and I
> was seeing that kind of thing routinely in the Apache error logs. It didn't
> hurt anything because I'm running Linux, but it got me interested. I wrote
> some code to filter out the uninteresting messages (mostly just ignore
> netbios on port 137 - thanks again Bill). I haven't had any epiphanies yet,
> but there are definite patterns to it. It's kinda like listening to one of
> those recordings of whale songs from thousands of miles away. Lots of
> activity from Kazaza and Bearshare/Gnutella networks, which is a little
> scary, but so far usually not too excessive. Lots of strange things, like
> hits from eastern Europe, looking for a TFTP server. I'll bet their boot-up
> times are llloooooong.
>
>
> Pete Hall
> pbhall@ameritech.net
> http://www.pbhall.us/
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
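An added example, not code from either poster: one way to pick bursts like the 6-second scan described above out of an Apache error log, by matching requests against the script paths listed in the message and grouping them by client. The error_log line format, the thresholds, the function names and the sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Script paths quoted in the message above.
PROBED = {
    "/cgi-bin/formmail.pl", "/cgi-bin/formmail.cgi", "/cgi-bin/phf",
    "/cgi-bin/php.cgi", "/cgi-bin/aglimpse", "/cgi-bin/campas",
    "/cgi-bin/mailto.pl", "/cgi-bin/Count.cgi", "/cgi-bin/handler",
    "/cgi-bin/webgais", "/cgi-bin/websendmail", "/cgi-bin/faxsurvey",
    "/cgi-bin/htmlscript", "/cgi-bin/pfdisplay.cgi", "/cgi-bin/perl.exe",
    "/cgi-bin/wwwboard.pl", "/cgi-dos/uploader.exe", "/cgi-win/uploader.exe",
}

# Apache 1.3-style error_log line (format assumed for this example).
LINE = re.compile(r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                  r".*?: (?P<path>/\S+)$")

def probe_suffix(fs_path):
    """Return the listed script that a logged filesystem path ends with, or None."""
    return next((p for p in PROBED if fs_path.endswith(p)), None)

def find_scans(lines, min_scripts=3, max_seconds=60):
    """Group probe hits by client and keep bursts that look automated."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        script = m and probe_suffix(m["path"])
        if script:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            hits[m["ip"]].append((ts, script))
    scans = {}
    for ip, seen in hits.items():
        times = [t for t, _ in seen]
        span = (max(times) - min(times)).total_seconds()
        scripts = sorted({s for _, s in seen})
        if len(scripts) >= min_scripts and span <= max_seconds:
            scans[ip] = {"scripts": scripts, "seconds": span}
    return scans

# Constructed sample log; client addresses are from documentation ranges.
SAMPLE = """\
[Wed Dec 04 11:16:01 2002] [error] [client 192.0.2.10] script not found or unable to stat: /var/www/cgi-bin/phf
[Wed Dec 04 11:16:02 2002] [error] [client 192.0.2.10] script not found or unable to stat: /var/www/cgi-bin/formmail.pl
[Wed Dec 04 11:16:04 2002] [error] [client 192.0.2.10] script not found or unable to stat: /var/www/cgi-bin/Count.cgi
[Wed Dec 04 11:16:07 2002] [error] [client 192.0.2.10] script not found or unable to stat: /var/www/cgi-bin/wwwboard.pl
[Wed Dec 04 11:20:00 2002] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Wed Dec 04 12:01:10 2002] [error] [client 203.0.113.5] script not found or unable to stat: /var/www/cgi-bin/formmail.pl
""".splitlines()
```

Calling find_scans(SAMPLE) reports only the client that requested several listed scripts within the time window; the single formmail.pl request and the favicon miss are left out.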
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].