RE: CodeRed Observations. ##

From: Rob Shein (shotenat_private)
Date: Tue Mar 18 2003 - 11:45:31 PST

Next message: Harlan Carvey: "Re: SPM2000$ Rouge Share"

Previous message: Robinson, Jonathon: "RE: SPM2000$ Rouge Share"
In reply to: root: "RE: CodeRed Observations. ##"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ah, but that's the entry that EVERYONE is mentioning, and there are no
others.  Doesn't it seem odd that such a specific and peculiar behavior
characteristic of IIS would be SO unmentioned if it were real?

> -----Original Message-----
> From: root [mailto:rootat_private] 
> Sent: Monday, March 17, 2003 11:14 PM
> To: incidentsat_private; incidentsat_private
> Subject: RE: CodeRed Observations. ## 
> 
> 
> 
> Subject: RE: CodeRed Observations.
> MIME-Version: 1.0
> Content-Type: text/plain;
> 	charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> Date: Fri, 14 Mar 2003 13:52:40 -0500
> X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
> Message-ID: 
> <D49508FE6BCE104A8D152CC97D4E2F0E6963FDat_private>
> X-MS-Has-Attach: 
> X-MS-TNEF-Correlator: 
> Thread-Topic: CodeRed Observations.
> Thread-Index: AcLqWuPHlTcxQEoxTAGjH0dy9wj9lQ==
> From: "King, Brian" <BKingat_private>
> To: <incidentsat_private>
> 
> Heres the article that I read about IIS and IE interactions: 
> http://grotto11.com/blog/slash.html?+> 1039831658 . Besides 
> quicker propagation, not using a 
> handshake would allow spoofed IPs so that it would be harder 
> to track down and fix. Brian
> 
> --------------------------------------------------------------
> --------------
> 
> <Pre>Lose another weekend managing your IDS?
> Take back your personal time.
> 15-day free trial of StillSecure Border Guard.</Pre>
> <A href=3D"http://www.securityfocus.com/stillsecure"> 
> http://www.securityfocus.com/stillsecure </A>
> 
> 
> .
> 
> 
> --------------------------------------------------------------
> --------------
> 
> <Pre>Lose another weekend managing your IDS?
> Take back your personal time.
> 15-day free trial of StillSecure Border Guard.</Pre>
> <A href="http://www.securityfocus.com/stillsecure"> 
> http://www.securityfocus.com/stillsecure </A>
> 
> 


----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

Next message: Harlan Carvey: "Re: SPM2000$ Rouge Share"
Previous message: Robinson, Jonathon: "RE: SPM2000$ Rouge Share"
In reply to: root: "RE: CodeRed Observations. ##"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 12:57:48 PST