[olug] New IIS centered web attack
Jon Larsen
jlarsen at cas-online.com
Tue Sep 18 16:57:45 UTC 2001
Got this from http://www.incidents.org
ALERT! - Internet Threat - Possible New Worm
Find the preliminary information here
At about 10:30 am EST large amounts of web traffic began being reported by
Internet Storm Center participants. The traffic is tcp port 80 and much of
it is active scanning for known IIS vulnerabilities. Little is known about
this activity currently, but it appears to have worm propagation
characteristics. Due to the intensity of scanning some sites are reporting
DoS effects. Please examine traffic logs for outbound activity indicating
that your site may have been compromised. We will be keeping you updated as
more information becomes available.
-----
I've got lots of requests logged in Apache. We've seen a lot of traffic
occur related to this starting around 9 AM this morning.
You may want to check out your Apache logs...
Jon L.
----
[ Jon Larsen, Net.Admin | CAS, Inc. ]
[ jlarsen at cas-online.com | 10303 Crown Point Avenue ]
[ 402.964.9998 x2075 | Omaha, NE 68134-1061 ]
[ ICQ# 28192038 | http://www.cas-online.com ]
[ Plain-Text Email Only! | ftp://ftp.cas-online.com ]
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
For help contact olug-help at bstc.net - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at bstc.net
or `mail olug-unsubscribe at bstc.net < /dev/null`
(c)2001 OLUG http://www.olug.org
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
More information about the OLUG
mailing list