Security Incidents mailing list archives

Re: Increase in MS vuln WebDav scans

From: Cory Donnelly <lists2 () onryou com>
Date: Tue, 01 Jun 2004 21:09:19 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

caldcv () students fccj org wrote:

Got some myself. I posted a post about this a few weeks ago and the
moderator said that many worms out today like Ago/Phatbot use the
WebDAV vulnerability in the worm. I just ignore them and rotate out my
logs more because that particular scan takes like 34k of log space.


Be careful, that may very well be Exactly What They Want You to Do.  If
/you/ were going to compromise a particular box, wouldn't you do all you
could to discourage its admin from reading logs -- or even better, speed
up the frequency of rotation?

take care,

Cory
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFAvSi/okBdAgPGOhURAtmzAKDPHcEGeIPvEQ8bbBMSxBX7qA6tsACg5sgJ
CKnPN084fblG4efr8rRAO6Q=
=qwZ5
-----END PGP SIGNATURE-----

Current thread:

Increase in MS vuln WebDav scans Hubbard, Dan (Jun 01)
- <Possible follow-ups>
- Re: Increase in MS vuln WebDav scans caldcv (Jun 01)
  - Re: Increase in MS vuln WebDav scans Jose Nazario (Jun 02)
  - Re: Increase in MS vuln WebDav scans Cory Donnelly (Jun 02)