Re: IIS traffic
From: Ken Schaefer (ken_at_adOpenStatic.com)
Date: 11/21/03
- Previous message: Avleen Vig: "Re: IIS traffic"
- In reply to: Mason, Samuel: "IIS traffic"
- Next in thread: Åke: "Re: IIS traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <focus-ms@securityfocus.com> Date: Fri, 21 Nov 2003 16:16:10 +1100
Can you please tell us what field that (sucks.freexxxxxvideo.com)
corresponds to? is it cs-agent? or what?
Cheers
Ken
----- Original Message -----
From: "Mason, Samuel" <smason@state.mt.us>
To: <focus-ms@securityfocus.com>
Sent: Thursday, November 20, 2003 7:55 AM
Subject: IIS traffic
:
: While clearing out some information in our web filter I noticed some odd
: traffic: internal web server addresses showing up under different dns
names.
: For instance in the Host Name field we see "sucks.freexxxxxvideo.com" and
: yet the IP comes up in our address range. Opening the traffic I find a DSL
: customer's IP from speakeasy.net. It looks like they are making what
starts
: out as a legitimate request from our IIS 5.0 webserver and then redirect
to
: whatever porn site they are after at the time.
:
: Looking at the IIS logs on the affected server I see nothing more than
this
: to give me a clue:
:
: 2003-11-05 12:44:26 66.93.24.88 - X.X.X.X 80 GET /Default.asp - 200
: sucks.freexxxxxvideo.com Mozilla/4.0 -
:
: Is this a common occurrence with IIS? How do we stop this from happening?
:
: Thanks for any help.
:
: Samuel Mason
: Information Technology Security Office
: State of Montana
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Avleen Vig: "Re: IIS traffic"
- In reply to: Mason, Samuel: "IIS traffic"
- Next in thread: Åke: "Re: IIS traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
