-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > James Meritt wrote: > > A variety of web defacements reportedly originating with the > Chinese are > being reported. Anyone know what method(s) are being used? If you want some useful statistics and some basic reconnaissance information, I personally use www.alldas.de (this is nothing to do with us) because they banner check and nmap the host when it is added to the archive. That way you can usually hazard an educated guess on how the page was defaced. Since the majority of boxes are running IIS4/5, RDS / MSADC, Unicode and MS-Sql seem to be the favourite. I guess as soon as a working exploit for the ISAPI Printer issue in IIS5 makes a rather public appearance, the defacers worldwide will be using that too. > Keith McCammon wrote: > > I've also been noticing a large number of anonymous FTP > checks in the last > two days. - From what we've seen - Holland has been the favourite source of scans for FTP recently; RPC scans typically originate from Eastern Asia and South America. Cheerio, Paul Rogers, Network Security Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com/ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOvFbSrnKcoQ5QY/3EQKIFACePSHNzaCDm6cvfVgFbPpRsMFMoIMAoITy 77CA/7pQ+FEl7nG2Wexd9yWw =7v/N -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu May 03 2001 - 15:19:04 PDT