ncacn_http/1.0
From: theGooo@hotmail.comDate: 03/07/02
- Previous message: Kinsey, Robert: "RE: Probes to strange ports"
- Next in thread: McCammon, Keith: "RE: ncacn_http/1.0"
- Reply: McCammon, Keith: "RE: ncacn_http/1.0"
- Reply: cw: "Re: ncacn_http/1.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: <theGooo@hotmail.com> To: <incidents@securityfocus.com>, <pen-test@securityfocus.com> Date: Thu, 7 Mar 2002 12:37:18 +0200
I have been getting Nimda like scans from different hosts this morning.
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNN
scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
When I checked these hosts, I found that they have some ports that
display "ncacn_http/1.0" when you connect to them. Is this Netcat or
something else?
BTW, all these servers don't have a port 80 open and they are windows
machines.
Regards,
Sameh
========================================
Sameh Y. Farag
Security Engineer
Internet Security Systems - Middle East
Tel: +2 02 7607011
Fax: +2 02 7607013
<http://www.iss.net/>
The power to protect
========================================
__________________________________________________
Manage your Hotmail with ANY email application:
Get Pop3Hot at <http://pop3hot.com/main.htm>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Kinsey, Robert: "RE: Probes to strange ports"
- Next in thread: McCammon, Keith: "RE: ncacn_http/1.0"
- Reply: McCammon, Keith: "RE: ncacn_http/1.0"
- Reply: cw: "Re: ncacn_http/1.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
