IIS 4.0 DOS attack?
From: Douglas R. Wilson (dallendoug_at_dallenhome.org)Date: 07/19/01
- Vorherige Nachricht: Les Newbigging: "RE: Webserver, DMZ, ports questions"
- Nächste im Thread: Arnaud Pignard: "Re: IIS 4.0 DOS attack?"
- Antwort: Arnaud Pignard: "Re: IIS 4.0 DOS attack?"
- Antwort: Bernard.Carreon: "RE: IIS 4.0 DOS attack?"
- Antwort: Peter Johnson: "RE: IIS 4.0 DOS attack?"
- Reply: Douglas R. Wilson: "Re: IIS 4.0 DOS attack?"
- Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]
running into a frustrating situation, and wondering if anyone has seen
anything like this before --
we have 2 servers on our network that keep having their w3svc crash out
every few minutes, like clockwork. just started a few hours ago. No
strange updates/patches/etc made in the past day or so, servers have
been running for a while -- access to lots of clients and developers
though.
We have several admins working on this -- sifting through logs, etc. So
far, no real anomalies in HTTP logs (no requests with large or weird
packets -- but one server has so many logs, haven't been able to go
through all of them yet) -- but a lot of bogus FTP attempts detected
right before this started happening (ie logins from same IP w/ bogus
login/pass on both servers). This could be total coincidence, or
pre-strike probe.
I know this is not a lot of info -- we are still gathering and
monitoring -- just wondering if this rang a bell with anyone.
TIA,
doug
--Douglas R. Wilson
- Vorherige Nachricht: Les Newbigging: "RE: Webserver, DMZ, ports questions"
- Nächste im Thread: Arnaud Pignard: "Re: IIS 4.0 DOS attack?"
- Antwort: Arnaud Pignard: "Re: IIS 4.0 DOS attack?"
- Antwort: Bernard.Carreon: "RE: IIS 4.0 DOS attack?"
- Antwort: Peter Johnson: "RE: IIS 4.0 DOS attack?"
- Reply: Douglas R. Wilson: "Re: IIS 4.0 DOS attack?"
- Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]
Relevant Pages
|
