Security Incidents mailing list archives

New Attack / New Vulnerability?

From: "Sterling Moses" <sterling () silversoftwareinc com>
Date: Wed, 27 Feb 2002 11:11:00 -0600

Is there a new vulnerability out?

We monitor hundreds of financial IIS servers and have noticed many requests
for the following:

GET /_vti_bin/owssvr.dll 404

These requests originate from multiple IP addresses, and hit different
machines on
different networks.

Based on the traffic and number of entries I can guess these are not
targeted attacks, but seem to be opportunistic
in nature.

Any information would be helpful.

Sterling.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

RE: Wave of Nimda-like hits this morning?, (continued)
- RE: Wave of Nimda-like hits this morning? Brian Mooney (Feb 26)
  - Re: Wave of Nimda-like hits this morning? John Brahy (Feb 26)
    - Re: Wave of Nimda-like hits this morning? Jay D. Dyson (Feb 27)
    - Re: Wave of Nimda-like hits this morning? Benjamin Morin (Feb 28)
  - RE: Wave of Nimda-like hits this morning? Christopher L. Morrow (Feb 27)
- Re: Wave of Nimda-like hits this morning? security (Feb 26)
- Re: Wave of Nimda-like hits this morning? Erick Brockway (Feb 27)
- Wave of Nimda-like hits this morning? Michael Sutton (Feb 26)
- RE: Wave of Nimda-like hits this morning? Ronneil Camara (Feb 26)
- RE: Wave of Nimda-like hits this morning? Greg Williamson (Feb 26)
  - New Attack / New Vulnerability? Sterling Moses (Feb 27)
    - Re: New Attack / New Vulnerability? Mark Seiden (Feb 27)
- RE: Wave of Nimda-like hits this morning? Darren Young (Feb 27)
  - RE: Wave of Nimda-like hits this morning? Scott A. Barbour (Feb 27)