What's an WEB-IIS ISAPI .ida attempt?

  1. #1
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243

    What's an WEB-IIS ISAPI .ida attempt?

    ...about once a week or so (maybe more), I get these attacks from an IP on the CHINA RAILWAY TELECOMMUNICATIONS CENTER (from APNIC whois). They also tried a cmd.exe access. I'm running an old NT server behind a Smoothie and every once in a while I'll have a gander at the logs. I'm still enamored of the fact the Chinese take such an interest in me, but methinks they probe the US internet quite extensively. Fwiw, I nmapped 'em and they're buttoned up tight. It's nothing critical, just some development sites I'm working on.

  2. #2
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Hi brokencrow,

    I hope this helps you...

    http://www.google.ca/search?client=f...=Google+Search
    Google Search: What's an WEB-IIS ISAPI .ida attempt?

  3. #3
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243

    On an added note...

    ...I sometimes run Remote Administrator from Famatech for access over the net. I'll typically block and unblock firewall access to the software as I see fit. I notice in checking those logs attempts to log in to the program, and it's always seven attempts; never less, never more. Some kiddies out there running scripts for radmin?

    Thanks, Egaladeist, looks like it could be a worm...

    http://www.webhostingtalk.com/archiv...d/31794-1.html

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    You can bet your last dollar that there is a fair amount of radmin exploit attempts all over the 'Net. I consider it 'background noise'.

    I get a TON of probes and exploits on my clients' Pac-rim systems, a lot of which show apparently Chinese points of origin. I think it's as much directed scans as compromised systems that are being controlled from elsewhere. It's not all that special that it comes from China.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
