[unisog] Rash of IIS exploits

Phillip G Deneault deneault at WPI.EDU
Thu Apr 24 22:22:50 GMT 2003

On Thu, 24 Apr 2003, Brian Reilly wrote:

> On Thu, 24 Apr 2003, Phillip G Deneault wrote:
> > In the last three days I've gotten a new rash of hacks via IIS
> > exploits(about a dozen).  This is much higher ratio than normal(about one
> > a month).  Has anyone else seen an increase in hacked hosts?
> >
> We see a steady stream of IIS attacks, and vulnerable IIS boxes tend to
> have a lifetime of < 1 day before they're compromised.  Do you have any
> data to suggest whether the exploits indicate an increase in attacks or
> rather an increase in the number of new vulnerable hosts (e.g. unpatched
> NT/2000 full installs) being placed in your network?
> --Brian

No hard evidence, but usually these type of attacks happen just after
school lets out and summer starts(because students reformat the hosts as
soon as their work is over with, and then forget to patch).  It seems to
be coming a tad earlier this year since school doesn't let out for us for
another week.  Also, most of the machines I've been finding hacked are
hosts that have been around for a while.


Phil Deneault     "We work in the dark, We do what we can,
deneault at wpi.edu   We give what we have. Our doubt is our passion,
WPI NetOps         and our passion is our task. The rest is the
InfoSec            maddness of art." - Henry James

More information about the unisog mailing list