machines requesting ident.cab

Russell Fulton r.fulton at auckland.ac.nz
Thu Oct 31 22:58:47 GMT 2002


Hi All,
	We were alerted to a strange phenomena yesterday when our squid proxy
logs filled up the partition.  We found that several machines on campus
were making tens ( and in one case hundreds) of thousands of requests
for

 http://windowsupdate.microsoft.com/ident.cab

we have not found anything obviously 'wrong' with with the machines but
have not yet subjected them to a full forensic examination.

Any ideas what is going on?

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin



More information about the unisog mailing list