Re: Increase in MS vuln WebDav scans

caldcv_at_students.fccj.org
Date: 06/01/04

Next message: Valdis.Kletnieks_at_vt.edu: "Re: NKADM rootkit - Something new?"

Previous message: 'Ansgar -59cobalt- Wiechers': "Re: NKADM rootkit - Something new?"
Maybe in reply to: Hubbard, Dan: "Increase in MS vuln WebDav scans"
Next in thread: Jose Nazario: "Re: Increase in MS vuln WebDav scans"
Reply: Jose Nazario: "Re: Increase in MS vuln WebDav scans"
Reply: Cory Donnelly: "Re: Increase in MS vuln WebDav scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 1 Jun 2004 17:13:11 -0000
To: incidents@securityfocus.com

('binary' encoding is not supported, stored as-is) In-Reply-To: <EB6D35AE1E5D3E40B4536F55B540A5D8013DDAE3@ssdexch1.websense.com>

68.252.34.20 - - [01/Jun/2004:04:59:58 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02$

68.38.106.111 - - [01/Jun/2004:10:01:44 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x0$

Got some myself. I posted a post about this a few weeks ago and the moderator said that many worms out today like Ago/Phatbot use the WebDAV vulnerability in the worm. I just ignore them and rotate out my logs more because that particular scan takes like 34k of log space.

-CC

Next message: Valdis.Kletnieks_at_vt.edu: "Re: NKADM rootkit - Something new?"

Previous message: 'Ansgar -59cobalt- Wiechers': "Re: NKADM rootkit - Something new?"
Maybe in reply to: Hubbard, Dan: "Increase in MS vuln WebDav scans"
Next in thread: Jose Nazario: "Re: Increase in MS vuln WebDav scans"
Reply: Jose Nazario: "Re: Increase in MS vuln WebDav scans"
Reply: Cory Donnelly: "Re: Increase in MS vuln WebDav scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]