-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Any advice would be much appreciated - a couple of our boxes seem to have been exploited using a directory traversal vulnerabiltiy, by uploading a file called "dr.exe", and then passing this commands to remove files from the box. I have recovered our logfiles and the data fortunately, and I am still examining the log's. Is this dr.exe thing a known attack, (I can't seem to find anything about it).? The attacked boxes did have all the latest patches applied to them, and I double checked this during the code red crisis, and applied any that were missing. Any information would be much appreciated. Regards Lee - -- Lee Evans Vital Online Ltd This message is intended only for the use of the person(s) ("The intended recipient(s)") to whom it is addressed. It may contain information which is privileged and confidential within the meaning of applicable law. If you are not the intended recipient, please contact the sender as soon as possible. The views expressed in this communication may not necessarily be the views held by Vital Online Ltd. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7XpKrhtUFQXeFbZYRAh0mAKCTpYRfp5m/MBHHc/tvYYdxMqf9qQCeNpru +QqVQuyw/IhvuMQfwnP7lhc= =Zel8 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 09:49:08 PDT