Security Incidents mailing list archives
ncacn_http/1.0
From: <theGooo () hotmail com>
Date: Thu, 7 Mar 2002 12:37:18 +0200
I have been getting Nimda like scans from different hosts this morning. /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNN scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir _mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir When I checked these hosts, I found that they have some ports that display "ncacn_http/1.0" when you connect to them. Is this Netcat or something else? BTW, all these servers don't have a port 80 open and they are windows machines. Regards, Sameh ======================================== Sameh Y. Farag Security Engineer Internet Security Systems - Middle East Tel: +2 02 7607011 Fax: +2 02 7607013 <http://www.iss.net/> The power to protect ======================================== __________________________________________________ Manage your Hotmail with ANY email application: Get Pop3Hot at <http://pop3hot.com/main.htm> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: ncacn_http/1.0 McCammon, Keith (Mar 07)
- <Possible follow-ups>
- ncacn_http/1.0 theGooo (Mar 07)
- Re: ncacn_http/1.0 cw (Mar 07)