here's why: http://www.securityfocus.com/bid/8035/info/ cheers, sunzi ----- Original Message ----- From: "oherrera" <oherreraat_private> To: <incidentsat_private> Sent: Friday, August 08, 2003 7:11 PM Subject: Re: Heads up! distributed scans and attacks targeting nsiss.dll > We received one scan today from 206.29.36.131, with payload: > GET /scripts/nsiislog.dll. I don't remember seing this kind > of activity before in the last 3 months. > > Omar Herrera > > > Greetings All, > > This morning I noticed that snort had logged a > > whole lot of "WEB-IIS nsiislog.dll access" alerts. After > > several hours of investigation I decided that there are > > enough interesting and different things about this > > incident to warrant writing a summary of what happened. > > -------------------------------------------------------------------------- - > -------------------------------------------------------------------------- -- > > --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Aug 14 2003 - 17:20:16 PDT