[Dshield] win32 exploit?

castu castu at jfkadatc.net
Sat Aug 4 02:52:15 GMT 2001


I was hit by a ton of these one day from some
@home idiots. The box was patched, they still kept
it up. Funny, my cmd.exe on that machine has been
renamed to something else a LONG time ago.

My poor IIS logs are going to need their own drive
the way they are filling up tonight. :P

Say..in IIS4...is there a way to block a complete
IP range? I'd like to block Tiawan, those are the
sources of most of tonight's hits.


> Looks like someone is trying to execute cmd.exe
> to do god knows what.  Is
> this a Windows 2000 server that has had that
> vulnerability patched already?
> It looks like they're trying to exploit it
> unsuccessfully.




More information about the list mailing list