IIS 5, WIN2K scans?

From: Shaun Dewberry (shaundat_private)
Date: Fri May 04 2001 - 07:15:23 PDT


    Here we go, the kiddies have come out to play again!
    Below find the infringing party - another sploited box in Korea?...
    I didn't read the vulnerability report properly yesterday, but it looks like
    the new IIS5, Win2k bug.
    Pity I'm not running IIS 5 on Win2000...
    Anybody else get anything similar?
    Time is GMT+02:00 (South Africa Standard Time).
    
    211.63.33.69 - - [04/May/2001:15:13:44 +0200] "GET /NULL.printer HTTP/1.0" 400 325
    211.63.33.69 - - [04/May/2001:15:41:32 +0200] "GET /NULL.printer HTTP/1.0" 400 325
    211.63.33.69 - - [04/May/2001:15:52:30 +0200] "GET /NULL.printer HTTP/1.0" 400 325
    211.63.33.69 - - [04/May/2001:16:09:33 +0200] "GET /NULL.printer HTTP/1.0" 400 325
    211.63.33.69 - - [04/May/2001:16:10:11 +0200] "GET /NULL.printer HTTP/1.0" 400 325
    
    [Fri May  4 15:13:44 2001] [error] [client 211.63.33.69] Client sent malformed Host header
    [Fri May  4 15:41:32 2001] [error] [client 211.63.33.69] Client sent malformed Host header
    [Fri May  4 15:52:30 2001] [error] [client 211.63.33.69] Client sent malformed Host header
    [Fri May  4 16:09:33 2001] [error] [client 211.63.33.69] Client sent malformed Host header
    [Fri May  4 16:10:11 2001] [error] [client 211.63.33.69] Client sent malformed Host header
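
Added example, not part of the original post: a small log correlator that finds `.printer` requests in an access log and pairs each with a "malformed Host header" entry from the error log for the same client. The function name `printer_probes`, the 2-second pairing window, the `192.0.2.10` sample lines, and the assumption that both logs use the same local time zone with one event per line are all choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input modelled on the log lines in the post (one event per line).
ACCESS_LOG = """\
211.63.33.69 - - [04/May/2001:15:13:44 +0200] "GET /NULL.printer HTTP/1.0" 400 325
211.63.33.69 - - [04/May/2001:15:41:32 +0200] "GET /NULL.printer HTTP/1.0" 400 325
192.0.2.10 - - [04/May/2001:15:42:01 +0200] "GET /index.html HTTP/1.0" 200 1043
"""
ERROR_LOG = """\
[Fri May  4 15:13:44 2001] [error] [client 211.63.33.69] Client sent malformed Host header
[Fri May  4 15:41:32 2001] [error] [client 211.63.33.69] Client sent malformed Host header
[Fri May  4 15:50:00 2001] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
"""

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')
ERROR_RE = re.compile(r'^\[([^\]]+)\] \[error\] \[client ([^\]]+)\] (.*)$')

def printer_probes(access_text, error_text, window=timedelta(seconds=2)):
    """Return {client_ip: [(local_time, path, status, host_header_malformed)]}."""
    # Index "malformed Host header" errors by client address.
    bad_host = defaultdict(list)
    for line in error_text.splitlines():
        m = ERROR_RE.match(line)
        if m and "malformed Host header" in m.group(3):
            bad_host[m.group(2)].append(
                datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"))
    hits = defaultdict(list)
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ip, stamp, _method, path, status = m.group(1, 2, 3, 4, 5)
        # Match on the path only, ignoring any query string, case-insensitively.
        if not path.split("?", 1)[0].lower().endswith(".printer"):
            continue
        # Assumption: the error log is in the access log's local zone, so compare wall time.
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        paired = any(abs(when - t) <= window for t in bad_host[ip])
        hits[ip].append((when, path, int(status), paired))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in printer_probes(ACCESS_LOG, ERROR_LOG).items():
        print(ip, len(events), "probe(s), all with malformed Host:", all(e[3] for e in events))
```
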
    



    This archive was generated by hypermail 2b30 : Fri May 04 2001 - 08:17:53 PDT