Re: New to this and need help plz!!

[Dave Woods <dave () TECHWEAVERS NET>]

> [**] IDS292 - WEB FRONTPAGE - Frontpage-shtml.dll [**]
> 12/27-06:46:04.461674 xxx.xxx.xxx.xxx:48731-> xxx.xxx.xxx.xxx:80
> TCP TTL:244 TOS:0x0 ID:4692 DF
> *****PA* Seq: 0xC621C4EA Ack: 0x243699 Win: 0x2238
>
> I have recieved a total of 27 of these from that one source, going to my
> webserver. No kidding eh being port 80 =] Now from my understanding this
can
> be legit traffic. Now i dns'd the ip and its a large consulting/industry
> company. I checked out with a sales rep and we do sell products to this
> company. However from what i read from Whitehats.com i dont see a reason
why
> this should happen from a customer. So i really dont know how to address
> this. Can someone please help me out? Should i contact the network
> administrator from that company about this?

A quick search for shtml.dll yielded these results:

http://www.securityfocus.com/vdb/bottom.html?vid=1594
http://www.securityfocus.com/vdb/bottom.html?vid=1435
http://www.securityfocus.com/vdb/bottom.html?vid=1174

These are the known issues with that dll maybe someone is trying to perform
on of these attacks but then again I know nothing about Front Page / IIS

Sincerely,
David Woods
Techweavers Inc.
dave () techweavers net
www.techweavers.net
Phone: (780)-423-3952
Fax: (780)-432-3220