Re: Heads up! distributed scans and attacks targeting nsiss.dll
From: oherrera (oherrera_at_prodigy.net.mx)
Date: 08/09/03
- Previous message: morning_wood: "Re: port 445 probes continued"
- Maybe in reply to: Russell Fulton: "Heads up! distributed scans and attacks targeting nsiss.dll"
- Next in thread: sunzi: "Re: Heads up! distributed scans and attacks targeting nsiss.dll"
- Reply: sunzi: "Re: Heads up! distributed scans and attacks targeting nsiss.dll"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 08 Aug 2003 18:11:31 -0500 To: incidents@securityfocus.com
We received one scan today from 206.29.36.131, with payload:
GET /scripts/nsiislog.dll. I don't remember seing this kind
of activity before in the last 3 months.
Omar Herrera
> Greetings All,
> This morning I noticed that snort had logged a
> whole lot of "WEB-IIS nsiislog.dll access" alerts. After
> several hours of investigation I decided that there are
> enough interesting and different things about this
> incident to warrant writing a summary of what happened.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: morning_wood: "Re: port 445 probes continued"
- Maybe in reply to: Russell Fulton: "Heads up! distributed scans and attacks targeting nsiss.dll"
- Next in thread: sunzi: "Re: Heads up! distributed scans and attacks targeting nsiss.dll"
- Reply: sunzi: "Re: Heads up! distributed scans and attacks targeting nsiss.dll"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
