[lug] possible intrusion
Michael J. Hammel
mjhammel at graphics-muse.org
Thu Jul 19 13:36:33 MDT 2001
Thus spoke Calvin Dodge
> Even if this is not the specific exploit being tried against your server, it does seem to be an IIS-only issue. So if you're using Apache you should be OK (I see other IIS exploits once or twice a month on our Apache server).
Not exactly. BugTraq has been brewing with discussion on this. It appears
some Cisco DSL routers with Web-enabled interfaces are also vulnerable.
There may be other systems as well.
(Long URL's coming - prepare yourself...)
The Red Worm (as this is being called) analysis:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-07-15%26mid%3D197828%26threads%3D0%26end%3D2001-07-21%26fromthread%3D0%26
The first note of other systems being vulnerable:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-07-15%26mid%3D197992%26threads%3D0%26end%3D2001-07-21%26fromthread%3D0%26
--
Michael J. Hammel |
The Graphics Muse | Democracy is a beautiful thing, except for that
mjhammel at graphics-muse.org | part about letting just any old yokel vote.
http://www.graphics-muse.com
More information about the LUG
mailing list