[unisog] Heads up! distributed scans and attacks targeting nsiss.dll

Peter Van Epp vanepp at sfu.ca
Fri Aug 8 15:31:04 GMT 2003


On Fri, Aug 08, 2003 at 03:44:34PM +1200, Russell Fulton wrote:
> Greetings All,
> 	     This morning I noticed that snort had logged a whole lot of
> "WEB-IIS nsiislog.dll access" alerts. After several hours of
> investigation I decided that there are enough interesting and different
> things about this incident to warrant writing a summary of what
> happened.
> 
> Times are UTC +1200.
> 
> Distributed scan from about 40 different sources of port 80 through
> 130.216.0.0/16 -- start of scan:
> 

	Us too. A quick search for net 220.73.165 in the overnight argus logs
indicates a similar large scale scan on port 80 here. I'll need to see if
we were as lucky with machines as Russell :-). Thanks for the heads up!

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada



More information about the unisog mailing list