Re: Accessing mail from the web
From: Paul Schmehl (pauls@utdallas.edu)Date: 08/18/01
- Previous message: Alan Basinger: "802.11 wireless security"
- In reply to: bonnie temple: "RE: Accessing mail from the web"
- Next in thread: Skinner, Kit: "RE: Accessing mail from the web"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <03e801c12795$4dc74580$220a400a@officeeagle> From: "Paul Schmehl" <pauls@utdallas.edu> To: "bonnie temple" <btemple@nglantz.com>, <security-basics@securityfocus.com>, <focus-ms@securityfocus.com> Subject: Re: Accessing mail from the web Date: Fri, 17 Aug 2001 22:10:52 -0500
----- Original Message -----
From: "bonnie temple" <btemple@nglantz.com>
To: <security-basics@securityfocus.com>; <focus-ms@securityfocus.com>
Sent: Friday, August 17, 2001 12:08 PM
Subject: RE: Accessing mail from the web
Is that why I still have default.ida XXXXXXXXXXXXXXXXXXXXXX lines in my
IIS logs after applying the Aug.15 patch?
Code Red never gets logged. The fact that you're seeing it in your logs
means it isn't working on your box. If it was, you wouldn't have anything
in the logs.
And what exactly does that line mean opposed to ...default.ida
NNNNNNNNNNNN
XXXX is Code Red II, which plants the explorer.exe trojan in the root of the
boot drive and a renamed copy of cmd.exe (root.exe) in the /Scripts
directory.
NNNN is Code Red I, which just defaces a web page. (Of course both also
launch multithreaded attacks against other IPs.)
Paul Schmehl pauls@utdallas.edu
Supervisor, Support Services
University of Texas at Dallas
AVIEN Founding Member
- Previous message: Alan Basinger: "802.11 wireless security"
- In reply to: bonnie temple: "RE: Accessing mail from the web"
- Next in thread: Skinner, Kit: "RE: Accessing mail from the web"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
