Have you verified the remote ends are not anonymous/proxies? -----Original Message----- From: Sterling Moses [mailto:sterlingat_private] Sent: Wednesday, February 27, 2002 12:11 PM To: incidentsat_private Subject: New Attack / New Vulnerability? Is there a new vulnerability out? We monitor hundreds of financial IIS servers and have noticed many requests for the following: GET /_vti_bin/owssvr.dll 404 These requests originate from multiple IP addresses, and hit different machines on different networks. Based on the traffic and number of entries I can guess these are not targeted attacks, but seem to be opportunistic in nature. Any information would be helpful. Sterling. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 17:45:43 PST