I suppose I should clarify that statement! I in no way meant to insinuate that anyone on this list would indulge in underhanded behavior. I could not help but think that if I was a would be attacker that perusing a list like this might seem like a good idea. You never know when someone who may or may not know better might post information they probably should not.
Anyway I appreciate everyone's posts, I did not recognize the attacks as Nimda (I've been set straight!) and there were many, many variations to the logs I posted. Today the server logged them, and Snort was screaming bloody murder, because of 15 or so .ida "Attempted Administrator Privilege Gain" attacks, so the fun never ends. Grep, hmmm, seems I've heard that apps name before........... :) Jim Grossl Lee Pesky Learning Center Boise, Idaho USA -----Original Message----- From: Bill Walls [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 16, 2002 5:08 PM To: Jim Grossl; [EMAIL PROTECTED] Subject: Re: IIS log files, can I have your take on these attacks? Your best idea when posting to this list is to santize the logs. If you feel funny about posting your IP sir, simply take out the address. A quick script with GREP or PERL would suffice. ;) "Buffer Overflow in /dev/stomach due to vodka.o!"
