Hi

This thread makes kinda scary reading.

Can someone reassure me that Code Red and Nimda are only problems if you are running a web server, and not if you just have a standard ADSL connection?

Thanks
Mark

----- Original Message -----
From: "Nello Sestini" <[EMAIL PROTECTED]>
To: "Multiple recipients of list offtopic" <[EMAIL PROTECTED]>
Sent: Thursday, October 04, 2001 4:43 PM
Subject: Re: [DUG-OFFTOPIC]: tftp.exe - Continued

> > The place is usual winnt\system32.
>
> This log entry (and others like it):
>
> 01:26:12 203.173.177.17 GET /scripts/..%5c../winnt/system32/cmd.exe 200
>
> show that there is (or was) a cmd.exe that could successfully
> be reached via an HTTP get to your IIS server.
>
> If you don't have a rogue copy of cmd.exe sitting in your
> scripts directory (or someplace downstream from your document root)
> then perhaps you have a "virtual directory" defined
> that maps your \winnt\system32 directory to an accessible
> webserver path. You could check for this by looking in
> your IIS configuration.
>
> The above log entry is pretty convincing. A file called cmd.exe
> is/was "reachable" via GET. A properly constructed GET with
> parameters could send that cmd.exe any command it wanted to.
>
> -ns
>
> > This address was used for the last 2 days. Before there were others. Each used
> > around 40 times, then another address is taken.
> >
> > 203.173.177.17 belongs to IHUG but what exactly it is I do not know.
>
> it could just be some other IHUG subscriber with an infected workstation
> running IIS that hits you while you're both dialed into the ISP.
>
> Nimda probes "similar" IP addresses with higher probability than
> random addresses - so it tends to attack "neighbors".
>
> -ns
>
> ---------------------------------------------------------------------------
> New Zealand Delphi Users group - Offtopic List - [EMAIL PROTECTED]
> Website: http://www.delphi.org.nz
> To UnSub, send email to: [EMAIL PROTECTED]
> with body of "unsubscribe offtopic"
> Web Archive at: http://www.mail-archive.com/offtopic%40delphi.org.nz/
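
Added example, not part of the original thread: a log triage script that decodes each request path the way the quoted entry needs to be read and separates requests the server answered (status 200, as in the entry above) from probes it refused. It assumes the five-field line layout of the quoted entry; every sample line except the first is constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample in the five-field layout of the quoted entry (time, client
# IP, method, URI, status). Only the first line appears in the thread; the rest
# are made up, using documentation-range addresses.
SAMPLE_LOG = """\
01:26:12 203.173.177.17 GET /scripts/..%5c../winnt/system32/cmd.exe 200
01:26:13 192.0.2.44 GET /scripts/..%255c../winnt/system32/cmd.exe 404
01:27:40 192.0.2.10 GET /index.html 200
not a log line
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) (\S+) (\S+) (\d{3})$")


def normalize(uri, max_rounds=3):
    """Percent-decode until stable (%255c -> %5c -> backslash), unify slashes."""
    path = uri.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()


def classify(line):
    """Return (time, ip, decoded_path, verdict) for a suspicious request, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable line: skip rather than guess
    when, ip, _method, uri, status = m.groups()
    segments = normalize(uri).split("/")
    if ".." not in segments and segments[-1] != "cmd.exe":
        return None
    # A 2xx status means the server answered the request, as in the thread's
    # entry; anything else is a probe that was refused or missed.
    verdict = "reachable" if status.startswith("2") else "probe"
    return when, ip, "/".join(segments), verdict


def scan(log_text):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for when, ip, path, verdict in scan(SAMPLE_LOG):
        print(f"{when} {ip} {verdict:9} {path}")
```

Lines marked "reachable" are the ones that warrant checking the IIS configuration for a mapped or copied cmd.exe, as the reply suggests; "probe" lines only show that an infected host tried.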
