That's all very intersting and I'm sure quite true, but the IP number of the offending machine is:-
202.0.37.188 Two-Zero-Two .... not Two-Zero-Three .... Johnno wrote: > That IP 203.0.37.188 or the C Class is > > inetnum: 203.0.37.0 - 203.0.37.255 > netname: JEFFRESS-AU > descr: Neville Jeffress Australia Pty Ltd > descr: 7-13 Parraween St > descr: Cremorne > descr: NSW 2090 > country: AU > >>From the 5 mins or so i spent looking at it has a firewall on 203.0.37.34 > and has the telnet port... hmmm.... maybe some should have a talk to him > about that,, SSH is better adn more secure :)) > > And the web server is a Microsoft-IIS/5.0 it is a very badly setup and run > > and seems to that .99 is a service of some sort > (jekyll.monsterboard.com.au) a Mail server etc.. but for some reason access > to the firewall is stopping all access to it... > > All I can say is what a waste of a C Class :( > > Johnno > > > ----- Original Message ----- > From: "Christopher Sawtell" <[EMAIL PROTECTED]> > To: "Jeremy Bertenshaw" <[EMAIL PROTECTED]> > Cc: "gjw49" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Thursday, May 09, 2002 11:38 AM > Subject: Re: MS / Open Source > > > >>Jeremy Bertenshaw wrote: >> >>>I think the latest iis security update for 4,5 & 5.1 fixes these code >> > red like sploits :-) > >>Yes, I'm sure that's quite correct. >>The problem is that I suspect that they ( 202.0.37.188 ) would not have >>even the remotest clue that they are actually running a web server, that >>it's >>infected, and least of all how to go about applying the patches. >> >>I really feel for the poor sods when their kilo-buck type bill for >>excess traffic arrives. >> >> >>>>From: Christopher Sawtell <[EMAIL PROTECTED]> >>>>Date: 2002/05/08 Wed PM 07:45:52 GMT+12:00 >>>>To: gjw49 <[EMAIL PROTECTED]> >>>>CC: [EMAIL PROTECTED] >>>>Subject: Re: MS / Open Source >>>> >>>>gjw49 wrote: >>>> >>>>- - [07/May/2002:15:12:33 +1200] "GET >>>>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 326 >>>>"-" "-" >>>> >>>>etc., etc. every other moment. >>>> >>>>Anybody know how to "fix" IIS to turn it off. There is no page at that >>>>address. >>> >>> >>> >>> >>> >>> >> >> >> > > >
