"Mark Palmer, CCNA" wrote:
>
> I have been logging these attempts on our Outlook Web Access server.
>
> I then attempt a WHOIS lookup on the source ip. I then send a nicely worded
> email to any and all contacts that show up on the WHOIS search.
>
> I have had some "success" with the contacts
t IMHO worth it.
Cheers,
Mark
-Original Message-
From: Matt Hemingway [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 19, 2001 11:07 AM
To: Ryan Ratkiewicz; [EMAIL PROTECTED]
Subject: Re: IIS Hack Attempt
Code Red. Code Blue. Nimda. Take your pick.
-Matt
On Thursday 15 November 2001 10:18, Ryan Ratkiewicz wrote:
> Can someone help me decipher this?
>
> 11:30:48 207.217.205.149 GET /scripts/root.exe 404
> 11:30:48 207.217.205.149 GET /MSADC/root.exe 404
> 11:30:49 207.217.205.149 GET /c/winnt
Nimda scan. Just make sure your box is patched.
Andrew Blevins
-Original Message-
From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 10:18 AM
To: [EMAIL PROTECTED]
Subject: IIS Hack Attempt
Can someone help me decipher this?
11:30:48 207.217.205.149
See http://www.incidents.org/react/nimda.pdf
-Original Message-
From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]]
Sent: 15 November 2001 18:18
To: [EMAIL PROTECTED]
Subject: IIS Hack Attempt
Can someone help me decipher this?
11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:48
al Message-
From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 1:18 PM
To: [EMAIL PROTECTED]
Subject: IIS Hack Attempt
Can someone help me decipher this?
11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:48 207.217.205.149 GET /MSADC/root.exe 40
ber 15, 2001 1:18 PM
To: [EMAIL PROTECTED]
Subject: IIS Hack Attempt
Can someone help me decipher this?
11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:48 207.217.205.149 GET /MSADC/root.exe 404
11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /d
D]
Subject: IIS Hack Attempt
Can someone help me decipher this?
11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:48 207.217.205.149 GET /MSADC/root.exe 404
11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /d/winnt/system32/cmd.exe 404
11:30:49 207.
Hi, if you have a Cisco router you can use the NBAR function
http://www.cisco.com/warp/public/732/Tech/qos/nbar/
Also, who knows how to do that from IIS 5?
Message quoted by: Ryan Ratkiewicz <[EMAIL PROTECTED]>:
> Can someone help me decipher this?
>
> 11:30:48 207.217.205.149 GET /scri
That's Nimda:
http://www.cert.org/advisories/CA-2001-26.html
-Jeff
Ryan Ratkiewicz wrote:
>
> Can someone help me decipher this?
>
> 11:30:48 207.217.205.149 GET /scripts/root.exe 404
> 11:30:48 207.217.205.149 GET /MSADC/root.exe 404
> 11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 4
Can someone help me decipher this?
11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:48 207.217.205.149 GET /MSADC/root.exe 404
11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /d/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /scripts