[Dshield] win32 exploit?
castu at jfkadatc.net
Sat Aug 4 02:52:15 GMT 2001
I was hit by a ton of these one day from some
@home idiots. The box was patched, they still kept
it up. Funny, my cmd.exe on that machine has been
renamed to something else a LONG time ago.
My poor IIS logs are going to need their own drive
the way they are filling up tonight. :P
Say..in IIS4...is there a way to block a complete
IP range? I'd like to block Tiawan, those are the
sources of most of tonight's hits.
> Looks like someone is trying to execute cmd.exe
> to do god knows what. Is
> this a Windows 2000 server that has had that
> vulnerability patched already?
> It looks like they're trying to exploit it
More information about the list