Security Incidents mailing list archives

FW: Win2k hack attempt


From: "Blake R. Swopes" <bhodi () BIGFOOT COM>
Date: Sun, 31 Dec 2000 12:19:15 -0800

-----Original Message-----
From: Tony Turk [mailto:u4ia982 () hotmail com]
Sent: Sunday, December 31, 2000 11:57 AM
To: bhodi () BIGFOOT COM
Subject: Re: Win2k hack attempt


Definitely looks like msadc RDS flaw.  Based on the logs, I seem to
have ruled out unicode.  I have tried so-called "0-day" unicode exploits
(via perl, etc) and the logs made by that are quite different.  You actually
see the unicode string value in the log.  I didn't recognize any real
unicode strings in that.  There is a great IIS hardening guide here:
http://www.shebeen.com/iis4_nt4sec.htm  You really should be all sealed up
if you follow this guide.  Even if you miss a few steps, it is still pretty
much rock solid as far as I could tell.  Good luck.

Tony Turk




  Hi list,

  Please give your opinion, it's a bit weird...
  Hacking attempt on my win2k server, please try to tell me what is wrong
  with my system, what is the hacking method taken? And any other useful
  information will be great.
  I patched myself with all the patches available.

  the log is attached.
