Security Incidents
mailing list archives
Re: Need help to find web server attacks signature
From: Fatih Özavcı <holden () siyahsapka com>
Date: 23 Oct 2003 11:38:19 +0000
Maybe the attacker used a cgi scanner like whisker or nikto. This log
contains some well-known vulnerable cgi's, misconfigured admin pages
and vulnerable php applications.
I don't think it's Retina. Retina can scan only some well-known
vulnerabilities or buffer overflows and is focused on Windows applications.
But I found some cgi applications for *nix in this log. I think it's a
cgi scanner.
--
Fatih Ozavci
IT Security Consultant
On Wed, 2003-10-22 at 19:23, Muhammad Naseer wrote:
Sounds to be Retina using CHM for HTTP.
Naseer
----- Original Message -----
From: "Maxime Ducharme" <maxime () pandore-design com>
To: <incidents () securityfocus com>
Sent: Wednesday, October 22, 2003 10:43 PM
Subject: Need help to find web server attacks signature
Hi all,
I'd need help to identify an attack that happened on one of our
customer's web server yesterday. I put the log file here:
http://www.pandore-design.com/security/2003-10-21-IIS-attack.txt
I see some attacks that seem to be a security scanner tool,
and some attacks which target specific pages of the web site
(where we begin to see 200 responses from the web server).
Does someone recognize a tool / virus / worm in this?
Thanks in advance for help
---------------------------------------------------------------
Maxime Ducharme
Network Administrator, Programmer
--------------------------------------------------------------------------
-
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
--------------------------------------------------------------------------