帮我看看我的web log吧 - 未名空间MITBBS历史存档

国际科技财经博客移民网络热点娱乐民生时事公众号

Redian新闻

>未名空间

>Security - 系统安全

帮我看看我的web log吧

帮我看看我的web log吧# Security - 系统安全

s*r2003-06-13 07:06

1 楼

前日网络忽然断了,一问是被学校网管block了
自省一下,最近没down mp3 avi,只是用iis开了http service
查了以下weblog果然有问题,不过看不懂对方在做什么,还请大家看看
这只是一天的
00:24:29 128.8.198.188 HEAD /Default.htm 200
00:24:29 128.8.198.188 HEAD /MSADC/root.exe 404
00:24:29 128.8.198.188 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe
404
00:24:29 128.8.198.188 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe
404
00:24:30 128.8.198.188 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe
404
00:24:32 128.8.198.188 HEAD /PBServer/..%5c..%5c..%5cwinnt/

a*a2003-06-13 07:06

2 楼

Something more in detail? I am interested in knowing it too.

/PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe
/PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe
/PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe
/PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe

s*r2003-06-13 07:06

3 楼

the mail from school's network admin:
>This host was observed scanning off-campus machines for windows ports 139
and 445. Upon further investigation, I found a suspicious service running on
port 6129.
>
>To prevent further attacks the network to this host has been turned off.
>Once the machine is cleaned/reinstalled file this call into the SECURITY
>workgroup for network access to be restored.
is the 'probe' action related with it?
it seems they can write on my hd.
I have the weblog for these da