[lug] possible intrusion

Taz feenix at ticnet.com
Thu Jul 19 18:09:28 MDT 2001


I just got home and checked my e-mail.  Reading this thread got my interest.  I've had 70 hits on port 80 since about 1030 this morning.  From different ip/domains.
I haven't had any before.  Fortunately, since I don't run a web server *and* I have completely blocked the port with a firewall, no damage done.
However, would anybody be interested in exchanging logs?  I'm curious if this is all coming from only  a few machine/domains.  If interested, please mail off the list.

feenix at ticnet.com

Jeff

John Starkey wrote:

> I just woke up to about 100 messages about an exploit on IIS that's been hitting really hard this week. People on the WDVL list are getting hit pretty hard as well.
>
> Sorry. I didn't follow it since it was an IIS thing, but thought you might be interested in that bit of info.
>
> John
>
> Thus spake D. Stimits (stimits at idcomm.com):
>
> > Deva Samartha wrote:
> > >
> > > Thank you for your information - security focus search on shellcode results
> > > in 800 matches. In the meantime, I got about 15 of the NNNN's, more popping
> > > again and again. -
> > >
> > > If you know the feeling and possibly more about the exploit, could I
> > > possibly bribe you with  ?
> > >
> > > <n> cans of <beverage>
> > > <n> ::= 1,2,3..12
> > > <beverage> ::= <beer> | <soft drink>
> > > ...
> > >
> > > or would that insult you?
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug




More information about the LUG mailing list