Security Incidents mailing list archives
Re: Increase in MS vuln WebDav scans
From: Cory Donnelly <lists2 () onryou com>
Date: Tue, 01 Jun 2004 21:09:19 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 caldcv () students fccj org wrote:
Got some myself. I posted a post about this a few weeks ago and the moderator said that many worms out today like Ago/Phatbot use the WebDAV vulnerability in the worm. I just ignore them and rotate out my logs more because that particular scan takes like 34k of log space.
Be careful, that may very well be Exactly What They Want You to Do. If /you/ were going to compromise a particular box, wouldn't you do all you could to discourage its admin from reading logs -- or even better, speed up the frequency of rotation? take care, Cory -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) iD8DBQFAvSi/okBdAgPGOhURAtmzAKDPHcEGeIPvEQ8bbBMSxBX7qA6tsACg5sgJ CKnPN084fblG4efr8rRAO6Q= =qwZ5 -----END PGP SIGNATURE-----
Current thread:
- Increase in MS vuln WebDav scans Hubbard, Dan (Jun 01)
- <Possible follow-ups>
- Re: Increase in MS vuln WebDav scans caldcv (Jun 01)
- Re: Increase in MS vuln WebDav scans Jose Nazario (Jun 02)
- Re: Increase in MS vuln WebDav scans Cory Donnelly (Jun 02)