Security Incidents mailing list archives
Re: New to this and need help plz!!
From: Dave Woods <dave () TECHWEAVERS NET>
Date: Thu, 28 Dec 2000 11:57:50 -0700
[**] IDS292 - WEB FRONTPAGE - Frontpage-shtml.dll [**] 12/27-06:46:04.461674 xxx.xxx.xxx.xxx:48731-> xxx.xxx.xxx.xxx:80 TCP TTL:244 TOS:0x0 ID:4692 DF *****PA* Seq: 0xC621C4EA Ack: 0x243699 Win: 0x2238 I have recieved a total of 27 of these from that one source, going to my webserver. No kidding eh being port 80 =] Now from my understanding this
can
be legit traffic. Now i dns'd the ip and its a large consulting/industry company. I checked out with a sales rep and we do sell products to this company. However from what i read from Whitehats.com i dont see a reason
why
this should happen from a customer. So i really dont know how to address this. Can someone please help me out? Should i contact the network administrator from that company about this?
A quick search for shtml.dll yielded these results: http://www.securityfocus.com/vdb/bottom.html?vid=1594 http://www.securityfocus.com/vdb/bottom.html?vid=1435 http://www.securityfocus.com/vdb/bottom.html?vid=1174 These are the known issues with that dll maybe someone is trying to perform on of these attacks but then again I know nothing about Front Page / IIS Sincerely, David Woods Techweavers Inc. dave () techweavers net www.techweavers.net Phone: (780)-423-3952 Fax: (780)-432-3220
Current thread:
- New to this and need help plz!! Robert J. Wright (Dec 27)
- Re: New to this and need help plz!! Jeff (Dec 28)
- Re: New to this and need help plz!! Blake R. Swopes (Dec 28)
- <Possible follow-ups>
- Re: New to this and need help plz!! Dave Woods (Dec 28)