RUG 13 98 NCIS EREG GSHQ 884 445-2982 t- oo43o 01 Report Date 30 April 1997 name Co ndian Head MD b4 Phone COMM 301 743-6474 Phone DSN 354-6474 E-Mai F hq navaea navy mil navaea navy mil Type In rueion Attempts Suspect IP Victim IP 144 11 10 110 Port Service Incident DateNCIS Case Case Status By Notes After receiving a NAVCIRT Advisory on cgi-bin vulnerabilities the command checked their audit loge for traces of attempts to exploit the vulnerabilities identified The command found 24 attempts to get thei password file from 18 separate IP addresses dating between 3 December through 30 April 1997 54 e Logs follow F fcgi-bin WebQuery HTTP 404 message 23 12 1 404 166 a HTTP 404 145 a 404 146 md59-099 compueorve com 25 Dec 1996 05 23 lcgi-bin waie-text-nmlt i 404 152 tel enterprise ca 06 Jan 1997 21 200 101 AcattZO etc paaswd 200 88 head682 dt navy mil HTTP 1 0 404 146 head682 dt navy mi1 HTTP Page 1 Ft Hut 12 db 65 334401 NCIS EREG BSHQ 584 445-2982 0 60430 01 1 0 404 146 head682 dt navy mil lcoml23 Jan 1997 14 35 40 terse terse 404 4 - 200 92 vianet nat au -a bin cat%20 etc passwd zoo 93 -a zoo 76 ll Mar 1997 21 10 GET 404 132 404 144 404 147 m compuserve a 1n ca O etc paaswd HTTP 1 0 200 93 albin catiZD atc passwd 200 93 pp963 cityline ru e%20 a 404 139 - O-eaf 404 139 pp963 cityline ru 404 139 b e Page 2 FEB HTTP cgi bin nhf Qaliasax% reg cgi-bin phf Oaunam p