Security Incidents mailing list archives
FW: Win2k hack attempt
From: "Blake R. Swopes" <bhodi () BIGFOOT COM>
Date: Sun, 31 Dec 2000 12:19:15 -0800
-----Original Message----- From: Tony Turk [mailto:u4ia982 () hotmail com] Sent: Sunday, December 31, 2000 11:57 AM To: bhodi () BIGFOOT COM Subject: Re: Win2k hack attempt Definately looks like msadc RDS flaw. Based on the logs, I have seem to have ruled out unicode. I have tried so called "0-day" unicode exploits (via perl, etc) and the logs made by that are quite different. You actually see the unicode string value in the log. I didn't recognize any real unicode strings in that. There is a great IIS hardening guide here: http://www.shebeen.com/iis4_nt4sec.htm You really should be all sealed up if you follow this guide. Even if you miss a few steps, it is still pretty much rock solid as far as I could tell. Good luck. Tony Turk
Hi list, Please give your opinion its a bit wierd... Hacking attempt on my win2k server, please try to tell me what is wrong with my system what is the hacking method taken ? and any other useful information will be great. I patched myself with all the patches available. the log is attached.
_________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com
Current thread:
- FW: Win2k hack attempt Blake R. Swopes (Dec 31)
- <Possible follow-ups>
- Re: Win2k hack attempt Robert G. Ferrell (Jan 02)