Re: IIS Hack Attempt

2001-11-22 Thread John Oliver
"Mark Palmer, CCNA" wrote: > > I have been logging these attempts on our Outlook Web Access server. > > I then attempt a WHOIS lookup on the source ip. I then send a nicely worded > email to any and all contacts that show up on the WHOIS search. > > I have had some "success" with the contacts

RE: IIS Hack Attempt

2001-11-21 Thread Mark Palmer, CCNA
t IMHO worth it. Cheers, Mark -Original Message- From: Matt Hemingway [mailto:[EMAIL PROTECTED]] Sent: Monday, November 19, 2001 11:07 AM To: Ryan Ratkiewicz; [EMAIL PROTECTED] Subject: Re: IIS Hack Attempt Code Red. Code Blue. Nimda. Take your pick. -Matt On Thursday 15 Novemb

Re: IIS Hack Attempt

2001-11-20 Thread Matt Hemingway
Code Red. Code Blue. Nimda. Take your pick. -Matt On Thursday 15 November 2001 10:18, Ryan Ratkiewicz wrote: > Can someone help me decipher this? > > 11:30:48 207.217.205.149 GET /scripts/root.exe 404 > 11:30:48 207.217.205.149 GET /MSADC/root.exe 404 > 11:30:49 207.217.205.149 GET /c/winnt

RE: IIS Hack Attempt

2001-11-20 Thread Andrew Blevins
Nimda scan. Just make sure your box is patched. Andrew Blevins -Original Message- From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 15, 2001 10:18 AM To: [EMAIL PROTECTED] Subject: IIS Hack Attempt Can someone help me decipher this? 11:30:48 207.217.205.149

RE: IIS Hack Attempt

2001-11-19 Thread Briscoe, Brian (B.)
See http://www.incidents.org/react/nimda.pdf -Original Message- From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]] Sent: 15 November 2001 18:18 To: [EMAIL PROTECTED] Subject: IIS Hack Attempt Can someone help me decipher this? 11:30:48 207.217.205.149 GET /scripts/root.exe 404 11:30:48

RE: IIS Hack Attempt

2001-11-19 Thread leon
al Message- From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 15, 2001 1:18 PM To: [EMAIL PROTECTED] Subject: IIS Hack Attempt Can someone help me decipher this? 11:30:48 207.217.205.149 GET /scripts/root.exe 404 11:30:48 207.217.205.149 GET /MSADC/root.exe 40

RE: IIS Hack Attempt

2001-11-19 Thread Andrew H. Turner
ber 15, 2001 1:18 PM To: [EMAIL PROTECTED] Subject: IIS Hack Attempt Can someone help me decipher this? 11:30:48 207.217.205.149 GET /scripts/root.exe 404 11:30:48 207.217.205.149 GET /MSADC/root.exe 404 11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404 11:30:49 207.217.205.149 GET /d

RE: IIS Hack Attempt

2001-11-19 Thread Philip Wagenaar
D] Subject: IIS Hack Attempt Can someone help me decipher this? 11:30:48 207.217.205.149 GET /scripts/root.exe 404 11:30:48 207.217.205.149 GET /MSADC/root.exe 404 11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404 11:30:49 207.217.205.149 GET /d/winnt/system32/cmd.exe 404 11:30:49 207.

Re: IIS Hack Attempt

2001-11-19 Thread gregory
Hi if you have a cisco router you can use the nbar function http://www.cisco.com/warp/public/732/Tech/qos/nbar/ Also . who knows to do that from IIS 5 ? Mensaje citado por: Ryan Ratkiewicz <[EMAIL PROTECTED]>: > Can someone help me decipher this? > > 11:30:48 207.217.205.149 GET /scri

Re: IIS Hack Attempt

2001-11-19 Thread Jeff Giuliano
That's Nimda: http://www.cert.org/advisories/CA-2001-26.html -Jeff Ryan Ratkiewicz wrote: > > Can someone help me decipher this? > > 11:30:48 207.217.205.149 GET /scripts/root.exe 404 > 11:30:48 207.217.205.149 GET /MSADC/root.exe 404 > 11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 4

IIS Hack Attempt

2001-11-18 Thread Ryan Ratkiewicz
Can someone help me decipher this? 11:30:48 207.217.205.149 GET /scripts/root.exe 404 11:30:48 207.217.205.149 GET /MSADC/root.exe 404 11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404 11:30:49 207.217.205.149 GET /d/winnt/system32/cmd.exe 404 11:30:49 207.217.205.149 GET /scripts