February 13th, 2005, 12:47 AM
What's a WEB-IIS ISAPI .ida attempt?
...about once a week or so (maybe more), I get these attacks from an IP on the CHINA RAILWAY TELECOMMUNICATIONS CENTER (from APNIC whois). They also tried a cmd.exe access. I'm running an old NT server behind a Smoothie and every once in a while I'll have a gander at the logs. I'm still enamored of the fact the Chinese take such an interest in me, but methinks they probe the US internet quite extensively. Fwiw, I nmapped 'em and they're buttoned up tight. It's nothing critical, just some development sites I'm working on.
February 13th, 2005, 12:57 AM
I hope this helps you...
Google Search: What's an WEB-IIS ISAPI .ida attempt?
February 13th, 2005, 01:27 AM
On an added note...
...I sometimes run Remote Administrator from Famatech for access over the net. I'll typically block and unblock firewall access to the software as I see fit. I notice in checking those logs attempts to log in to the program, and it's always seven attempts; never less, never more. Some kiddies out there running scripts for radmin?
Thanks, Egaladeist, looks like it could be a worm...
February 13th, 2005, 03:14 PM
You can bet your last dollar that there is a fair amount of radmin exploit attempts all over the 'Net. I consider it 'background noise'.
I get a TON of probes and exploits on my clients' Pac-rim systems, a lot of which show apparently Chinese points of origin. I think it's as much directed scans as compromised systems that are being controlled from elsewhere. It's not all that special that it comes from China.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore