Ryan Russell wrote: >On Thu, 30 Aug 2001, Bart Haezeleer wrote: > >>64.225.196.160 - - [24/Aug/2001:21:02:21 +0200] "GET /NULL.printer >>HTTP/1.0" 404 280 >> > >Someone is checking if you're vulnerable to this: >http://www.securityfocus.com/bid/2674 > >If you are, it's something to worry about. I think the 404 indicates >that you're probably OK, but check anyway. We've been seeing a lok of >.printer attempts lately.. > >For people who are vulnerable, you'll get no indication in the web logs >that a successful exploit happened. The only clue is a w3svr restart in >the event logs. I tried a couple of the exploits for this hole when it >can out, and they work really well. > Err . . I think you missed the fact that he's running Apache, not IIS! ;) -b -- #===================================================================# # More dead people have written in support of Microsoft against the # # DOJ than any other single group, leading UMSA (United MS Shills # # of America) President Steve Barkto to lodge a formal complaint. # #===================================================================# ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Sep 02 2001 - 02:44:29 PDT