It seems more like a code blue worm, which uses a web directory traversal
vulnerability. Apply patch MS00-44.
You should also remove unneeded default virtual directories (like scripts, msdac,
printers, etc.)
Andrey Kalinin
Please respond to "NT System Admin Issues"
<[EMAIL PROTECTED]>
Subject: RE: WARNING: Hacker Alert
CodeRed seems to have dwindled to nothing on my logs. But it's being
replaced with the EXACT same lines you have below, and they stay consistent
with the code red 2 methods of attacking the more local subnets.
Jason Morris CCDA CCNP
Network Administrator
MJMC, Inc.
708-225-2350
[EMAIL PROTECTED]
-----Original Message-----
From: Jason Morris [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 9:50 AM
To: NT System Admin Issues
Cc: '[EMAIL PROTECTED]'
Subject: RE: WARNING: Hacker Alert
Yes. It seems to be systems I have previously monitored hitting me with
codered attacks. I bet someone is activating all of their children.
Jason Morris CCDA CCNP
Network Administrator
MJMC, Inc.
708-225-2350
[EMAIL PROTECTED]
-----Original Message-----
From: xylog [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 9:45 AM
To: NT System Admin Issues
Subject: WARNING: Hacker Alert
All my public-facing web servers at home and at my office have shown
huge continuous hacking activity. Has anyone seen similar? I fear this
may be code red related or automated. Please comment if you have seen
similar. Here is an excerpt from one logfile:
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm