Educause Security Discussion mailing list archives
Re: Chinese dot-dot-slash attack on Windows 2000/IIS
From: Justin Azoff <JAzoff () UAMAIL ALBANY EDU>
Date: Fri, 12 Sep 2008 16:46:18 -0400
On Thu, 2008-09-11 at 19:08 -0700, Andrew Daviel wrote:
> (previously posted to UNISOG) We had some guy coming in from Guangdong over Windows Terminal Server, with "B.A.C.K.D.O.O.R" buried in the network traffic. I thought we had a trojan server, but the server binary looks legit and the string was in incoming traffic, so maybe he's got a password but was using some funny client. Then we found some highly suspicious HTTP traffic:

Can't comment on the rest, but "B.A.C.K.D.O.O.R" was most likely just the UTF-16 representation of "BACKDOOR".. the .'s were probably 0x00

-- 
-- Justin Azoff
-- Network Performance Analyst
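Added example, not part of the original post: a short Python sketch of the point made in the reply above, showing how a UTF-16LE string appears as dotted text in a dump's ASCII column and how to search captured bytes for a keyword in both encodings. The function names and the sample payload are constructed for illustration and are not taken from the traffic in this thread.

```python
import re

def dump_ascii(data: bytes) -> str:
    """Render bytes like a hex dump's ASCII column: non-printables become '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)

# Printable ASCII characters each followed by a NUL byte: UTF-16LE text.
_UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
# Plain single-byte printable runs, as the classic `strings` tool finds.
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")

def find_strings(data: bytes):
    """Return sorted (offset, encoding, text) for strings of 4+ characters."""
    hits = []
    for m in _UTF16LE_RUN.finditer(data):
        hits.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    for m in _ASCII_RUN.finditer(data):
        hits.append((m.start(), "ascii", m.group().decode("ascii")))
    return sorted(hits)

def contains_keyword(data: bytes, keyword: str):
    """List the encodings in which keyword occurs in data (case-insensitive)."""
    kw = keyword.lower()
    return sorted({enc for _, enc, text in find_strings(data)
                   if kw in text.lower()})

# Constructed sample payload: 4 header bytes, a UTF-16LE string,
# 3 binary bytes, then a plain ASCII string.
SAMPLE = (b"\x03\x00\x00\x1c" + "BACKDOOR".encode("utf-16le")
          + b"\xff\xfe\x10" + b"plain ascii here")

if __name__ == "__main__":
    print(dump_ascii(SAMPLE))          # what the analyst sees in the dump
    for offset, enc, text in find_strings(SAMPLE):
        print(f"{offset:4d}  {enc:9s} {text}")
    # A byte-for-byte search for the ASCII keyword misses the UTF-16 copy.
    print(b"BACKDOOR" in SAMPLE, contains_keyword(SAMPLE, "backdoor"))
```

A signature or grep rule written against the ASCII bytes alone would not match this payload, which is why string searches over Windows protocol traffic should cover both encodings.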