RE: .ida Intrusion Attempt

From: Yom, Francis (fyomat_private)
Date: Thu Jul 19 2001 - 11:08:34 PDT

  • Next message: Dr SuSE: "Re: .ida Intrusion Attempt"

    Hi all,
    
    I have a question regarding this .ida intrusion.
    
    I had installed MS's hot fix last month.  I have detected this exploit
    attempt over the past few days via the IIS log files.  The HTTP status
    code for these attempts is 200 which is 'OK' or 'SUCCESSFULL'
    
    I have not detected that the worm did infect my systems.  Are the above
    status codes normal for the hotfix or did I truly get infected?
    
    Many thanks,
    Francis
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 16:22:14 PDT