New IIS Exploit?

From: DS (dsardina@si.rr.com)
Date: 11/10/02

• Previous message: Stephen C. Gay: "Windows Update - SUS - An thanks everyone"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "DS" <dsardina@si.rr.com>
To: <security-basics@securityfocus.com>
Date: Sun, 10 Nov 2002 05:10:23 -0500

Hi:

Is there something new going around killing IIS Servers\Services?
Not only have I experienced this, but also few friends.

Running IIS on port 80, working fine and then all of a sudden,
You or someone tries to browse your website and cannot connect.

So you run a netstat -a while browsing that website and it says:

TCP mymachine:3041 121.XX.XX.XX.XX.rr.com:http SYN_SENT

It was working all day and now this SYN_SENT comes in.
Nothing in the logs. Had them scan for code red 2 and nothing.

Anyone experienced this?

Thanks.
DS-

---

• Previous message: Stephen C. Gay: "Windows Update - SUS - An thanks everyone"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2002-11