Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


FW: Win2k hack attempt
.

  • To: [EMAIL PROTECTED]
  • Subject: FW: Win2k hack attempt
  • From: "Blake R. Swopes" <[EMAIL PROTECTED]>
  • Date: Mon, 01 Jan 2001 02:29:27 +0100
.
 
-----Original Message-----
From: Tony Turk [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 31, 2000 11:57 AM
To: [EMAIL PROTECTED]
Subject: Re: Win2k hack attempt


Definately looks like msadc RDS flaw.  Based on the logs, I have seem to
have ruled out unicode.  I have tried so called "0-day" unicode exploits
(via perl, etc) and the logs made by that are quite different.  You actually
see the unicode string value in the log.  I didn't recognize any real
unicode strings in that.  There is a great IIS hardening guide here:
http://www.shebeen.com/iis4_nt4sec.htm  You really should be all sealed up
if you follow this guide.  Even if you miss a few steps, it is still pretty
much rock solid as far as I could tell.  Good luck.

Tony Turk




>   Hi list,
>
>   Please give your opinion its a bit wierd...
>   Hacking attempt on my win2k server, please try to tell me what is wrong
>with my
>   system what is the hacking method taken ? and any other useful
>information
>will be great.
>   I patched myself with all the patches available.
>
>   the log is attached.

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.