stfw, luke. according to http://www.incidents.org/archives/intrusions/msg03024.html "This appears to be an IE 6 client on XP with Office XP installed. This configuration enables the discussion bar in IE. <http://msdn.microsoft.com/library/en-us/off2krk/html/70ct_10.asp> When the discussion bar is enabled and configured, the web client queries the server automatically to see if has SharePoint Team Services installed (owssvr.dll as ISAPI.) <http://msdn.microsoft.com/library/en-us/spsdk11/caml_schema/spxmlconrenderingcaml.asp> Matt Scarborough 2001-12-23" On Wed, Feb 27, 2002 at 11:11:00AM -0600, Sterling Moses wrote: > Is there a new vulnerability out? > > We monitor hundreds of financial IIS servers and have noticed many requests > for the following: > > GET /_vti_bin/owssvr.dll 404 > > These requests originate from multiple IP addresses, and hit different > machines on > different networks. > > Based on the traffic and number of entries I can guess these are not > targeted attacks, but seem to be opportunistic > in nature. > > Any information would be helpful. > > Sterling. > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com -- mark seiden, misat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 16:17:18 PST