[ILUG] IIS problems
John McCormac
jmcc at hackwatch.com
Wed Sep 26 10:16:01 IST 2001
Wesley Darlington wrote:
>
> On Tue, Sep 25, 2001 at 07:30:18PM +0100, David Murphy wrote:
> > Quoting <3BB0CC2C.9040607 at esatclear.ie>
> > by Paul Kelly <longword at esatclear.ie>:
> > > How can it be illegal? They requested the machine deinstallation
> > > program from your web server. And you've got the Apache logs to
> > > prove it.
> > I don't believe "They asked for it" will stand up in court.
>
> Probably right. Much better to format their drives so all
> trace of your activity is removed. Dead boxes tell no tales.
> Use https if it's there to lessen the likelihood of IDSes (*)
> noticing.
The problem is that most of the scans now are trying to exploit the Code
Red backdoors. Over the past 24 hours, the majority of these scans are
coming from Luse2K dialups on Indigo. I have also seen a VEC in Dublin
causing problems here. The requests for default.ida have diminished.
Many of the dialups are do not seem to be active on port 80 or at least
are so busy on that port that they are rejecting connections. If only
there was one "Drop Dead" command for these muppet boxes - like Black
ICE in William Gibson's cyberpunk novels. ;-)
Regards...jmcc
--
********************************************
John McCormac * Hack Watch News
jmcc at hackwatch.com * 22 Viewmount,
Voice: +353-51-873640 * Waterford,
BBS&Fax: +353-51-850143 * Ireland
http://www.hackwatch.com/~kooltek
********************************************
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6
mQCNAzAYPNsAAAEEAPGTHaNyitUTNAwF8BU6mF5PcbLQXdeuHf3xT6UOL+/Od+z+
ZOCAx8Ka9LJBjuQYw8hlqvTV5kceLlrP2HPqmk7YPOw1fQWlpTJof+ZMCxEVd1Qz
TRet2vS/kiRQRYvKOaxoJhqIzUr1g3ovBnIdpKeo4KKULz9XKuxCgZsuLKkVAAUX
tCJKb2huIE1jQ29ybWFjIDxqbWNjQGhhY2t3YXRjaC5jb20+tBJqbWNjQGhhY2t3
YXRjaC5jb20=
=sTfy
-----END PGP PUBLIC KEY BLOCK-----
More information about the ILUG
mailing list