[Dshield] Two questions.
pmarsh at nmefdn.org
Wed Aug 15 20:34:37 GMT 2001
How do you get it through an ISP's head that they have a machine
that is infected? I've called twice, emailed detailed IIS and firewall logs
to them and this machine is still up and running. The IP address is
22.214.171.124, it belongs to quik.com aka quik international of Costa Mesa
Ca. If you decide to hit this humans site please be careful there is a
Backdoor.Sadmin.Dr trojan that launches if you dig around to much.
Server A running IIS serving up my web site has not been hit with
the CR2 signature in almost a week, cool :)
Server B running OWA is still being hit everyday just about the same
time everyday with 40 or so signatures. Both machines are connected to the
same firewall, same T1 and so on but why is one being hit and not the
other? Is there something I'm missing?
More information about the list