[lug] possible intrusion
D. Stimits
stimits at idcomm.com
Thu Jul 19 14:34:44 MDT 2001
"Scott A. Herod" wrote:
>
> My firewall's getting hammered on 80 but nothing's coming through it
> since I don't allow connections to it. Also, I've heard from our ISP
> that a lot of his other customers have been nailed, so I suspect that
> it's endemic.
>
> Scott
>
> Deva Samartha wrote:
> >
> > <snip>
> >
> > I will email to security focus as suggested, because if nobody else
> > sees this kind of traffic, I could be compromised :-(
> >
> > Thank you,
> >
> > Samartha
> >
This makes it look like the "Code Red" worm is a dual purpose worm, by
accident. Someone could crash a Cisco DSL router just by trying the
overflow on a MS IIS port...whether IIS is running on the port or not.
Which could also explain why the attacker isn't really interested in
testing first...it would perform a dual purpose where if Cisco DSL is
present, it crashes, but if not, it infects the IIS server.
D. Stimits, stimits at idcomm.com