Educause Security Discussion mailing list archives
Re: Chinese dot-dot-slash attack on Windows 2000/IIS
From: Andrew Daviel <advax () TRIUMF CA>
Date: Fri, 12 Sep 2008 15:26:03 -0700
On Fri, 12 Sep 2008, Justin Azoff wrote:
> Can't comment on the rest, but "B.A.C.K.D.O.O.R" was most likely just the utf-16 representation of "BACKDOOR".. the .'s were probably 0x00

Yes, they were 0x00.
.. ah.. I just compared the log to a capture of myself logging on using rdesktop. It's just the local name of the computer used to login. One mystery solved (either that's the name of their computer, or probably they are coming through a trojan proxy that sets the machine name to that string.)

--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
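The rendering discussed in this exchange, as an added example that is not part of either poster's message: a small triage helper that pulls UTF-16LE text out of raw capture bytes and shows why a log that prints non-printable bytes as dots displays such a name with a dot after every letter. The function names and the sample buffer are constructed for illustration and are not taken from the original log.

```python
import re


def utf16le_strings(data: bytes, min_chars: int = 4) -> list:
    """Return (offset, text) for each run of printable ASCII stored as UTF-16LE.

    ASCII text in UTF-16LE is each character byte followed by 0x00, so a run
    of "printable byte, 0x00" pairs is a candidate string (similar in spirit
    to `strings -e l`).
    """
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars)
    return [(m.start(), m.group().decode("utf-16-le"))
            for m in pattern.finditer(data)]


def dotted(data: bytes) -> str:
    """Render bytes like a hexdump's text column: non-printables become '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in data)


# Constructed sample: a few arbitrary binary bytes, the machine name in
# UTF-16LE, then zero padding. Not bytes from the capture in the thread.
SAMPLE = (b"\x01\xc0\xd8\x00"
          + "BACKDOOR".encode("utf-16-le")
          + b"\x00" * 6
          + b"\x04\x00")


if __name__ == "__main__":
    print("as logged :", dotted(SAMPLE))
    for offset, text in utf16le_strings(SAMPLE):
        print("decoded   : offset %d -> %r" % (offset, text))
```
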