exploited win2k box, not quite sure how:
From: John Jasen (jjasen1@umbc.edu)Date: 05/18/02
- Previous message: Deus, Attonbitus: "RE: Windows Systems Defaced/destroyed, plus Port 3389 attacks"
- Next in thread: Mike Lewinski: "Re: exploited win2k box, not quite sure how:"
- Reply: Mike Lewinski: "Re: exploited win2k box, not quite sure how:"
- Reply: McCammon, Keith: "RE: exploited win2k box, not quite sure how:"
- Reply: Ron Yount: "RE: exploited win2k box, not quite sure how:"
- Reply: Butler, Brandon: "RE: exploited win2k box, not quite sure how:"
- Reply: John Jasen: "Re: exploited win2k box, not quite sure how:"
- Reply: Scott Fendley: "Re: exploited win2k box, not quite sure how:"
- Reply: Blake Frantz: "FW: exploited win2k box, not quite sure how:"
- Reply: rulerpen: "Re: exploited win2k box, not quite sure how:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 17 May 2002 21:05:29 -0400 From: John Jasen <jjasen1@umbc.edu> To: <incidents@securityfocus.com>
Got a wierd one here.
Win2k server, SP2
IIS 5.0
SQL server 7
ipswitch imail 6.x
Its definitely been broken into. PC-cillian bas picked up a few nimda
files, and there is a directory c:\tAGGEd with various subdirectories
under it, and an unopenable file C:\TaGGed By Ca$e.
I'm working on getting a disk image up for perusal, but that might take a
few days.
Anybody seen this yet? Searching securityfocus, McAfee, Google, and a few
other places has come up dry.
-- -- John E. Jasen (jjasen1@umbc.edu) -- User Error #2361: Please insert coffee and try again.---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Deus, Attonbitus: "RE: Windows Systems Defaced/destroyed, plus Port 3389 attacks"
- Next in thread: Mike Lewinski: "Re: exploited win2k box, not quite sure how:"
- Reply: Mike Lewinski: "Re: exploited win2k box, not quite sure how:"
- Reply: McCammon, Keith: "RE: exploited win2k box, not quite sure how:"
- Reply: Ron Yount: "RE: exploited win2k box, not quite sure how:"
- Reply: Butler, Brandon: "RE: exploited win2k box, not quite sure how:"
- Reply: John Jasen: "Re: exploited win2k box, not quite sure how:"
- Reply: Scott Fendley: "Re: exploited win2k box, not quite sure how:"
- Reply: Blake Frantz: "FW: exploited win2k box, not quite sure how:"
- Reply: rulerpen: "Re: exploited win2k box, not quite sure how:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
