[Dshield] I was going to say it's slowed down,,,,but.

Paul Marsh pmarsh at nmefdn.org
Mon Aug 6 19:48:20 GMT 2001


	I was going to say it has slowed down but I just checked out my IIS
log and found these babies in there.  What's the news, it seems the listserv
is kind of quiet today?  Below these entries is a perfect example of someone
trying to exploit a box.  What can I do to stop this person?  The patch is
on, my firewall is dropping the connections but how can I get them to stop?

2001-08-06 14:28:36 209.196.42.46 - GET /default.ida 
2001-08-06 14:28:40 209.196.42.46 - GET /default.ida 
2001-08-06 14:28:42 209.196.42.46 - GET /default.ida 
2001-08-06 14:28:46 209.196.42.46 - GET /default.ida 
2001-08-06 14:28:46 209.196.42.46 - GET /default.ida 
2001-08-06 14:28:56 209.196.42.46 - GET /default.ida 
2001-08-06 14:28:56 209.196.42.46 - GET /default.ida 
2001-08-06 14:29:06 209.196.42.46 - GET /default.ida 
2001-08-06 14:29:06 209.196.42.46 - GET /default.ida 
2001-08-06 14:29:06 209.196.42.46 - GET /default.ida 

2001-08-06 09:49:36 209.213.135.1 - GET /default.ida
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u90
90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u
9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 165 3818 110
80 - -
08/06/2001 11:45:46.608 TCP connection dropped 209.213.135.1, 3148, WAN
209.xxx.xxx.xxx, 80, LAN 'Web (HTTP)' 0


Thanx, Paul
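
Added example (not part of the original post): one way to triage IIS log lines like those above in Python, counting requests for .ida URIs per client address and marking the ones whose query carries a long run of one repeated character plus %u escapes. The function names, thresholds and sample lines are assumptions made for this example, and it assumes each log entry sits on a single line.

```python
import re
from collections import defaultdict

# Layout as in the post: date time client-ip user method uri-stem [uri-query ...]
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ (?P<method>[A-Z]+) "
    r"(?P<stem>\S+)(?: (?P<rest>.*))?$"
)
PAD_RUN = re.compile(r"(.)\1{63,}")         # one character repeated 64+ times (assumed threshold)
U_ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}")  # %uXXXX escapes as seen in the post


def summarize(lines, stem_suffix=".ida"):
    """Group requests for *.ida by client IP; count all hits and padded ones."""
    stats = defaultdict(lambda: {"hits": 0, "padded": 0, "first": None, "last": None})
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m or not m["stem"].lower().endswith(stem_suffix):
            continue  # skips other log formats (e.g. firewall lines) and other URIs
        s = stats[m["ip"]]
        s["hits"] += 1
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
        rest = m["rest"] or ""
        if PAD_RUN.search(rest) and U_ESCAPE.search(rest):
            s["padded"] += 1
    return dict(stats)


def repeat_sources(stats, min_hits=3):
    """Client IPs with at least min_hits matching requests, busiest first."""
    return sorted((ip for ip, s in stats.items() if s["hits"] >= min_hits),
                  key=lambda ip: -stats[ip]["hits"])


# Constructed sample (documentation addresses, shortened query), not the post's log.
SAMPLE = [
    "2001-08-06 14:28:36 192.0.2.10 - GET /default.ida ",
    "2001-08-06 14:28:40 192.0.2.10 - GET /default.ida ",
    "2001-08-06 14:28:42 192.0.2.10 - GET /default.ida ",
    "2001-08-06 09:49:36 198.51.100.7 - GET /default.ida "
    + "X" * 224 + "%u9090%u9090=a 200 165 3818 110 80 - -",
    "2001-08-06 09:50:01 198.51.100.7 - GET /index.html - 200",
    "08/06/2001 11:45:46.608 TCP connection dropped 198.51.100.7, 3148, WAN",
]

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip, s in stats.items():
        print(ip, s)
    print("repeat sources:", repeat_sources(stats))
```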



