[olug] New IIS centered web attack

Adam Lassek alassek at techie.com
Thu Sep 20 14:30:25 UTC 2001 

I think those of us with webservers are already quite aware of this :) The damn thing scanned me more than 4600 times yesterday, and almost 6000 times the day before. Lessee, today's current tally: 824 but the day's still young.


-----Original Message-----
From: Jon Larsen <jlarsen at cas-online.com>
Date: Tue, 18 Sep 2001 11:57:45 -0500
To: olug at bstc.net
Subject: [olug] New IIS centered web attack


> 
> Got this from http://www.incidents.org
> 
> ALERT! - Internet Threat - Possible New Worm
> Find the preliminary information here
> 
> At about 10:30 am EST large amounts of web traffic began being reported by 
> Internet Storm Center participants. The traffic is tcp port 80 and much of 
> it is active scanning for known IIS vulnerabilities. Little is known about 
> this activity currently, but it appears to have worm propagation 
> characteristics. Due to the intensity of scanning some sites are reporting 
> DoS effects. Please examine traffic logs for outbound activity indicating 
> that your site may have been compromised. We will be keeping you updated as 
> more information becomes available.
> 
> 
> -----
> I've got lots of requests logged in Apache.  We've seen a lot of traffic 
> occur related to this starting around 9 AM this morning.
> 
> You may want to check out your Apache logs...
> 
> Jon L.
> ----
> [ Jon Larsen, Net.Admin  | CAS, Inc.                 ]
> [ jlarsen at cas-online.com | 10303 Crown Point Avenue  ]
> [ 402.964.9998 x2075     | Omaha, NE  68134-1061     ]
> [ ICQ# 28192038          | http://www.cas-online.com ]
> [ Plain-Text Email Only! | ftp://ftp.cas-online.com  ]
> 
> 
> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> 
> For help contact olug-help at bstc.net - run by ezmlm
> to unsubscribe, send mail to olug-unsubscribe at bstc.net
> or `mail olug-unsubscribe at bstc.net < /dev/null`
> (c)2001 OLUG http://www.olug.org
> 
> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> 
> 

-- 


"God is dead." -- Nietzsche
"Nietzsche is dead." -- God


_______________________________________________
Have you downloaded the latest calling software from Net2Phone? Click here to get it now!

http://www.net2phone.com/cgi-bin/adforward.cgi?p_key=NH211JK&url=http://commcenter.net2phone.com/





-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

For help contact olug-help at bstc.net - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at bstc.net
or `mail olug-unsubscribe at bstc.net < /dev/null`
(c)2001 OLUG http://www.olug.org

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

More information about the OLUG mailing list