[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] SOMEBODY IS HACKING ME!!!!



Title: SOMEBODY IS HACKING ME!!!!

List, please help in this issue. I'm receiving in my Webserver an CPU-Overloader ocean of strings in the next form:

webserver - - [23/May/2002:16:52:51 -0500] "GET /scripts/root.exe HTTP/1.0" 404 207
webserver - - [23/May/2002:16:52:55 -0500] "GET /MSADC/root.exe HTTP/1.0" 404 207
webserver - - [23/May/2002:16:52:58 -0500] "GET /cmd.exe HTTP/1.0" 404 207
webserver - - [23/May/2002:16:53:06 -0500] "GET /winnt/system32/root.exe HTTP/1.0" 404 207
webserver - - [23/May/2002:16:53:08 -0500] "GET /../winnt/system32/root.exe?/c+dir HTTP/1.0" 404 207
webserver - - [23/May/2002:16:53:10 -0500] "GET /../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 207
webserver - - [23/May/2002:16:53:12 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 207
webserver - - [23/May/2002:16:53:15 -0500] "GET /MSADC/root.exe HTTP/1.0" 404 207
webserver - - [23/May/2002:16:53:17 -0500] "GET /cmd.exe HTTP/1.0" 404 207
webserver - - [23/May/2002:16:53:24 -0500] "GET /winnt/system32/root.exe HTTP/1.0" 404 207
webserver - - [23/May/2002:16:53:33 -0500] "GET /system32/root.exe HTTP/1.0" 404 207

My Webserver is protected with a NT-based Checkpoint Firewall-1 SP5 and I know about the http service with resource, and adding an URI definition with some match filter, but I really don't understand it very well, Can somebody help?

Thanks in advance
Carlos Garrido