New IIS Exploit?

["DS" <dsardina () si rr com>]

Hi:


Is there something new going around killing IIS Servers\Services?
Not only have I experienced this, but also few friends. 


Running IIS on port 80, working fine and then all of a sudden,
You or someone tries to browse your website and cannot connect.

So you run a netstat -a while browsing that website and it says:

TCP    mymachine:3041       121.XX.XX.XX.XX.rr.com:http  SYN_SENT


It was working all day and now this SYN_SENT comes in.
Nothing in the logs. Had them scan for code red 2 and nothing.


Anyone experienced this?


Thanks.
DS-