>As SIMS isn't logging the IP address of this attack I guess you can't 
>report it to their ISP (Perhaps IP address logging for these errors 
>would be a nice addition). But you can certainly ignore it. It is 
>just an attempt to probe it for IIS (thanks Microsoft) holes and then 
>automatically exploit them to put up their "du0d, w3 ar3 k00l!" page. 
>If you have SIMS HTTP on port 80 though, I'd move it, most probes 
>will go after port 80 only.

Although SIMS doesn't "log" the IP address... if you glance back over the 
log snippet... thanks to the hacker wannabe flooding the SIMS server, 
there are a few rejected HTTP connections, all from one IP address. They 
overloaded the number of HTTP connections, and at that point SIMS logged 
the rejected attempt.

So in a way... they were nice enough to log their IP themselves.

-chris

<http://www.mythtech.net>

