[lug] possible intrusion

Michael J. Hammel mjhammel at graphics-muse.org
Thu Jul 19 13:36:33 MDT 2001


Thus spoke Calvin Dodge
> Even if this is not the specific exploit being tried against your server, it does seem to be an IIS-only issue.  So if you're using Apache you should be OK (I see other IIS exploits once or twice a month on our Apache server).

Not exactly.  BugTraq has been brewing with discussion on this.  It appears
some Cisco DSL routers with Web-enabled interfaces are also vulnerable.
There may be other systems as well.

(Long URL's coming - prepare yourself...)

The Red Worm (as this is being called) analysis:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-07-15%26mid%3D197828%26threads%3D0%26end%3D2001-07-21%26fromthread%3D0%26

The first note of other systems being vulnerable:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-07-15%26mid%3D197992%26threads%3D0%26end%3D2001-07-21%26fromthread%3D0%26

-- 
Michael J. Hammel           |
The Graphics Muse           |   Democracy is a beautiful thing, except for that
mjhammel at graphics-muse.org  |     part about letting just any old yokel vote.
http://www.graphics-muse.com 



More information about the LUG mailing list