[Dshield] nsiislog.dll probe
rushing at jorsm.com
Mon Oct 20 18:29:31 GMT 2003
Going through my Apache logs for anomalous events and I see a request for
nsiislog.dll last Tuesday from 220.127.116.11. It appears that 18.104.22.168
is in an Israeli DSL netblock.
A little Google searching turned up
Which describe a buffer overflow announced in late June 2003. At that
time, the description said there was no known working exploit in the wild
but that it was exploitable.
Perhaps someone is seeing how widespread it is before bothering to write
More information about the list