RE: Probe for index server .ida

["Jason Burzenski" <jason.burzenski () gsxxi com>]

Sure thing...

x=source ip
y=dest ip (my srvr)

2001-06-17 03:18:24 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.idc - 500
0 312 175 63 80 HTTP/1.0 VoidEYE+CGI+security+scanner - -
2001-06-17 03:18:24 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.idq - 200
0 188 175 250 80 HTTP/1.0 VoidEYE+CGI+security+scanner - -
2001-06-17 03:18:25 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.ida - 200
0 188 175 16 80 HTTP/1.0 VoidEYE+CGI+security+scanner - -
2001-06-17 03:18:25 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.idw - 404
2 604 175 47 80 HTTP/1.0 VoidEYE+CGI+security+scanner - -
2001-06-17 03:18:25 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET
/msadc/msadcs.dll - 404 3 604 181 32 80 HTTP/1.0
VoidEYE+CGI+security+scanner - -
2001-06-17 03:18:27 x.x.x.x - W3SVC3 AMJERI00 y.y.y.y GET /blabla.idc - 500
0 312 175 16 80 HTTP/1.0 VoidEYE+CGI+security+scanner - -

-----Original Message-----
From: SmartHackers [mailto:martinez () smarthackers com]
Sent: Thursday, June 21, 2001 2:43 PM
To: incidents () securityfocus com
Subject: Probe for index server .ida


Has anyone been probed by sources looking for the new Microsoft IIS hole
MS01-033 released the other day. If you have, I would be very interested in
obtaining a copy of your logs if you still have them.  Thanks

_____________________________________________________________
Sign up for FREE email from SmartHackers at http://www.smarthackers.com