TheTAZZone - Internet Chaos

Tutorial – Network Intrusions


Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post…we do not sell, publish, transmit, or have the right to give permission for such…TheTAZZone merely retains the right to use, retain, and publish submitted work within it’s Network

Code: Select all
This excellent tutorial is the work of NTSA, who has very kindly consented to the TAZ hosting it.Enjoy!

This is an impromptu tutorial on tracing skiddiots – because I just found one in our logs:

ClientHost LogTime Service Machine
——————————————————————————- 2002-06-15 17:49:30.000 W3SVC1 NTSA-SERVServerIP Target Parameters
—————————————————————————- /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir

I’m sure we all recoginse the cook-book directory traversal explot attempted here (which failed btw). So it’s a kiddiot. Let’s take a quick trip to :

Trying whois -h
University of Virginia
Academic Computing Center
Gilmer Hall
Charlottesville, VA 22901
Netblock: –
Maintainer: VER

Jokl, James A. (JAJ17-ARIN) jaj@VIRGINIA.EDU
(804) 924-0616

Domain System inverse mapping provided by:


Record last updated on 05-Apr-1994.
Database last updated on 14-Jun-2002 20:01:02 EDT.

So the kiddiot is (probably) a student at University of Virginia. A nasty letter to the Netblock administartor will mean that’s one kiddiot who’s in for a nasty shock monday morning Word Up – and the word was ‘busted’.

Hi –You are listed as the admin contact for the Netblock: –

University of Virginia
Academic Computing Center
Gilmer Hall
Charlottesville, VA 22901

We monitored an attempted network intrusion from an address in your IP range today (2002-06-15). The attack, (which failed) came from IP address at 17:49:30(GMT). The actual attack attempted was a simple directory traversal expolit against a command line.

I would be grateful if you could take appropriate sanctions against the student involved. Someone obviously considers themselves to be ‘l33t’ – perhaps you could explain to them that under new US legislation that such exploits are classed as terrorism.


Leave a Reply

Your email address will not be published. Required fields are marked *


If you'd like to advertise on The Mutt ( aka ) feel free to contact us at: administration[at]

TheTAZZone is a non-commercial entity. We do not sell any products or services ourselves. Our revenue comes from advertising and donations only.

We appreciate your support! Your advertising revenue ( or donations ) helps us to continue to upgrade, improve, and offset the costs of maintaining this site.

Donations can be made through the page ' Donate '.