Results 1 to 3 of 3
  1. #1
    Junior Member
    Join Date
    Jul 2002

    Network ICe - hack attempts

    In Black ICE, I frequently get a series of attacks which are a string of UDP + TCP port scans, plus the IIS system 32 command, from the same user, in rapid succession. Can someone tell me exactly what they are doing? (Yes, I have IIS running). Are they running some kind of script or special program that is looking for this vulnerability? If so, what program? Where can I find documentation? I repeat, I get this same attack frequently, so I imagine it's automated somehow - I just would like to know the details about exactly what they are doing on their end - ie. what program, etc. Appreciate the help.

  2. #2
    Senior Member
    Join Date
    Sep 2001
    It think the link is good if your on an ISS server :

    what i found, that i think relates to what your asking about:
    script language=\"M$cript\";
    function beginError(bsod) {
    return true; }
    onLoad.windows = beginError;

  3. #3
    Sounds like your IP being scaned by a "run of the mill" trogen. Sounds like your firewall is doing it job just fine though. Do a seach on Netbus or Sub7 to find what kind of script kiddie might be praying on your IP block. Hope this sheds a litle light your way.

    Don\'t Put me on a plate!
    I might use my magnet to Escape!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts