Re: i am experincing intrusion attempts

To: debian-security@lists.debian.org
Subject: Re: i am experincing intrusion attempts
From: Richard Ibbotson <richard@sheflug.co.uk>
Date: Tue, 18 Sep 2001 17:41:05 +0100
Message-id: <[🔎] 200109181641.f8IGf7T24519@zetnet.co.uk>
In-reply-to: <[🔎] 75.1b49fa45.28d8c254@aol.com>
References: <[🔎] 75.1b49fa45.28d8c254@aol.com>

Drew

> I need to trace the person who is hitting on my pc 40 times a day.
> Any ideas?

Perhaps the following from Slashdot and other places ?? ......


A new worm, being called w32.nimda.amm, is being sent around. The 
attachment is called README.EXE and comes as a MIME-type of 
"audio/x-wav" together with some html parts. There appears to be no 
text in this message when it is displayed by Outlook when in 
Auto-Preview mode (always a good indication there's something not 
quite right with an email.)

The network attacks against IIS boxes are a wide variety of attacks. 
Amongst them appear to be several attacks that assume the machine is 
compromised by Code Red II (looking for ROOT.EXE in the /scripts and 
/msadc directory, as well as an attempt to use the /c and /d virtual 
roots to get to CMD.EXE). Further, it attempts to exploit numerous 
other known IIS vulnerabilities.

Or .... perhaps not ?  Probably not :))  You need help from someone 
else :)  Apologies for getting it wrong.

Thanks


-- 
Richard

Reply to:

References:
- i am experincing intrusion attempts
  - From: Seekingheat50750@aol.com

Prev by Date: Re: i am experincing intrusion attempts
Next by Date: Re: i am experincing intrusion attempts
Previous by thread: Re: i am experincing intrusion attempts
Next by thread: Re: i am experincing intrusion attempts
Index(es):
- Date
- Thread