GitzJoey
From my log files I got these:
2004-09-21 16:21:16 202.155.158.21 - xxx.xxx.xxx.xxx 80 GET /default.ida
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u90
90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u
9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 -
I'm using Win2k with the latest updates from Windows Update,
and the IIS that comes built in with Win2k (I think v5.0).
My questions:
Is my box already infected? I don't find any suspicious files like
root.exe in /script, drive C mapped as a virtual directory, etc.
What do the logs say? The response is 200 (success), success for what? Buffer
overflow?
Yes, I use URLScan right now (after I got this attack), but I don't really like
it because I can use the WebDAV again. Is there any other way besides using URLScan?
Thanks again
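
One way to pull requests of this shape out of an IIS log for review, as an added example that is not part of the original post. The field order is assumed from the log line shown above (no #Fields header appears in the post), the function names are hypothetical, and the sample lines are constructed with shortened padding and documentation-range addresses.

```python
import re

# Assumed field order, inferred from the line in the post:
# date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
FIELDS = ("date", "time", "c_ip", "user", "s_ip", "s_port",
          "method", "uri_stem", "uri_query", "status", "agent")

PAD_RUN = re.compile(r"(.)\1{63,}")          # 64 or more repeats of one filler character
U_ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}")   # %uXXXX escapes as seen in the logged query

def parse_line(line):
    """Split one log line into named fields; None for directives or odd field counts."""
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def is_ida_overflow_probe(rec):
    """True when an .ida request carries a long filler run plus several %u escapes."""
    if not rec["uri_stem"].lower().endswith(".ida"):
        return False
    query = rec["uri_query"]
    return bool(PAD_RUN.search(query)) and len(U_ESCAPE.findall(query)) >= 4

def triage(lines):
    """Return (client IP, status) for each matching line, for follow-up."""
    hits = []
    for line in lines:
        rec = parse_line(line.strip())
        if rec and is_ida_overflow_probe(rec):
            hits.append((rec["c_ip"], rec["status"]))
    return hits

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    "#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)",
    "2004-09-21 16:21:16 192.0.2.10 - 198.51.100.5 80 GET /default.ida "
    + "X" * 224 + "%u9090%u6858%ucbd3%u7801%u9090=a 200 -",
    "2004-09-21 16:22:01 192.0.2.11 - 198.51.100.5 80 GET /index.htm - 200 Mozilla/4.0",
    "2004-09-21 16:23:40 192.0.2.12 - 198.51.100.5 80 GET /search.ida q=report 404 -",
]

if __name__ == "__main__":
    for ip, status in triage(SAMPLE):
        print(f"overflow-style .ida request from {ip}, server answered {status}")
```

A match only shows that such a request was logged and which status the server returned; it does not by itself say whether the server was affected.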