RE: .ida Intrusion Attempt

From: Yom, Francis (fyomat_private)
Date: Thu Jul 19 2001 - 11:08:34 PDT

Next message: Dr SuSE: "Re: .ida Intrusion Attempt"

Previous message: Arthur Donkers: "Anyone interested in full tcpdump trace of a Code Red breakin ?"
Next in thread: Colby Rice: "RE: .ida Intrusion Attempt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

I have a question regarding this .ida intrusion.

I had installed MS's hot fix last month.  I have detected this exploit
attempt over the past few days via the IIS log files.  The HTTP status
code for these attempts is 200 which is 'OK' or 'SUCCESSFULL'

I have not detected that the worm did infect my systems.  Are the above
status codes normal for the hotfix or did I truly get infected?

Many thanks,
Francis


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: Dr SuSE: "Re: .ida Intrusion Attempt"
Previous message: Arthur Donkers: "Anyone interested in full tcpdump trace of a Code Red breakin ?"
Next in thread: Colby Rice: "RE: .ida Intrusion Attempt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 16:22:14 PDT