Security Incidents mailing list archives
RE: strange cmd.exe access
From: "Jeff Adams" <JAdams () NetCentrics com>
Date: Fri, 30 May 2003 18:13:11 -0400
what is strange is that the cmd.exe / root.exe stuff is half way through with some other code before it the ip it hit was not mapped to
anything ( I believe it is unused) so this can not have been part of another tcp converstion any ideas ?
I have been seeing similar odd cmd.exe packets as well.=20 It looks like part of a Code Red or a new variant. Anyone else seeing the same? ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- strange cmd.exe access Q (May 30)
- <Possible follow-ups>
- RE: strange cmd.exe access James C. Slora, Jr. (May 30)
- RE: strange cmd.exe access Jeff Adams (May 30)