Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post…we do not sell, publish, transmit, or have the right to give permission for such…TheTAZZone merely retains the right to use, retain, and publish submitted work within it’s Network

Code: Select all
This excellent tutorial is the work of NTSA, who has very kindly consented to the TAZ hosting it.Enjoy!

This is an impromptu tutorial on tracing skiddiots – because I just found one in our logs:

ClientHost LogTime Service Machine
——————————————————————————- 2002-06-15 17:49:30.000 W3SVC1 NTSA-SERVServerIP Target Parameters
xxx.xxx.xxx.xxx /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir

I’m sure we all recoginse the cook-book directory traversal explot attempted here (which failed btw). So it’s a kiddiot. Let’s take a quick trip to www.samspade.org :

Trying whois -h whois.arin.net
University of Virginia
Academic Computing Center
Gilmer Hall
Charlottesville, VA 22901
Netblock: –
Maintainer: VER

Jokl, James A. (JAJ17-ARIN) jaj@VIRGINIA.EDU
(804) 924-0616

Domain System inverse mapping provided by:


Record last updated on 05-Apr-1994.
Database last updated on 14-Jun-2002 20:01:02 EDT.

So the kiddiot is (probably) a student at University of Virginia. A nasty letter to the Netblock administartor will mean that’s one kiddiot who’s in for a nasty shock monday morning Word Up – and the word was ‘busted’.

Hi –You are listed as the admin contact for the Netblock: –

University of Virginia
Academic Computing Center
Gilmer Hall
Charlottesville, VA 22901

We monitored an attempted network intrusion from an address in your IP range today (2002-06-15). The attack, (which failed) came from IP address at 17:49:30(GMT). The actual attack attempted was a simple directory traversal expolit against a command line.

I would be grateful if you could take appropriate sanctions against the student involved. Someone obviously considers themselves to be ‘l33t’ – perhaps you could explain to them that under new US legislation that such exploits are classed as terrorism.


By admin

Former Freehand Freelance Graphic Illustrator... been online since 2004 ( late starter ), blogging since 2005, presently writing a suspense-thriller e-book that began as a screenplay.