[Dshield] win32 exploit?
Mel Chandler PMI
MChandler at pmi.delta.org
Mon Aug 6 16:27:20 GMT 2001
Yes, you can do it from IIS, just for http and ftp traffic. The best way to
block it is to have your firewall do it. That way all traffic is block and
not just http and ftp. Plus it gives you a single point of administration
Mel L. Chandler, A+, Network+, MCNE, MCDBA, MCSE+I, CCNA
MChandler at PMI.Delta.org
PMI Delta Dental
= not many animals were harmed in =
= the making of this email =
From: castu [mailto:castu at jfkadatc.net]
Sent: Friday, August 03, 2001 7:52 PM
To: dshield at dshield.org
Subject: Re: [Dshield] win32 exploit?
I was hit by a ton of these one day from some
@home idiots. The box was patched, they still kept
it up. Funny, my cmd.exe on that machine has been
renamed to something else a LONG time ago.
My poor IIS logs are going to need their own drive
the way they are filling up tonight. :P
Say..in IIS4...is there a way to block a complete
IP range? I'd like to block Tiawan, those are the
sources of most of tonight's hits.
> Looks like someone is trying to execute cmd.exe
> to do god knows what. Is
> this a Windows 2000 server that has had that
> vulnerability patched already?
> It looks like they're trying to exploit it
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the list