Re: IIS (Possible DoS floating around)

[Mike Shaw <mshaw () wwisp com>]

Any further info on system configurations?  ISAPI mappings, installed 
software (perl, cold fusion...), running services?

-Mike

At 12:27 PM 11/12/2001 -0500, Keith.Morgan wrote:
> The focus-ms list is hopping a little regarding some strange behaviour from
> IIS.
>
> The symptoms:
> IIS continues to run (or sometimes crashes), but the common thread is that
> the port is closed.
>
> After recieving a report on focus-ms, and having this same behaviour occur
> on one of our webservers, I contacted a friend who runs a (logically) nearby
> network.  He indicated that the same problem had occurred on some of thier
> servers.
>
> I'm currently pouring over logs attempting to locate anything out of the
> ordinary.
>
> Just a note for all those that will say "make sure you've applied patches or
> run the hfnetchk:" Our servers are at completely current patch levels.
>
>
> Keith T. Morgan
> Chief of Information Security
> Terradon Communications
> keith.morgan () terradon com
> 304-755-8291 x142
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com