-
August 4th, 2002, 06:33 AM
#1
Junior Member
Network ICe - hack attempts
In Black ICE, I frequently get a series of attacks which are a string of UDP + TCP port scans, plus the IIS system 32 command, from the same user, in rapid succession. Can someone tell me exactly what they are doing? (Yes, I have IIS running). Are they running some kind of script or special program that is looking for this vulnerability? If so, what program? Where can I find documentation? I repeat, I get this same attack frequently, so I imagine it's automated somehow - I just would like to know the details about exactly what they are doing on their end - ie. what program, etc. Appreciate the help.
-
August 4th, 2002, 07:16 AM
#2
It think the link is good if your on an ISS server :
http://www.securiteam.com/exploits/A...erability.html
what i found, that i think relates to what your asking about:
http://online.securityfocus.com/arch...4/2002-04-30/0
script language=\"M$cript\";
function beginError(bsod) {
return true; }
onLoad.windows = beginError;
-
August 4th, 2002, 07:20 AM
#3
Member
Sounds like your IP being scaned by a "run of the mill" trogen. Sounds like your firewall is doing it job just fine though. Do a seach on Netbus or Sub7 to find what kind of script kiddie might be praying on your IP block. Hope this sheds a litle light your way.
Peace
Don\'t Put me on a plate!
I might use my magnet to Escape!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|