What's an WEB-IIS ISAPI .ida attempt?

...about once a week or so (maybe more), I get these attacks from an IP on the CHINA RAILWAY TELECOMMUNICATIONS CENTER (from APNIC whois). They also tried a cmd.exe access. I'm running an old NT server behind a Smoothie and every once in a while I'll have a gander at the logs. I'm still enamored of the fact the Chinese take such an interest in me, but methinks they probe the US internet quite extensively. Fwiw, I nmapped 'em and they're buttoned up tight. It's nothing critical, just some development sites I'm working on.

Hi brokencrow,

I hope this helps you...

http://www.google.ca/search?client=f...=Google+Search
Google Search: What's an WEB-IIS ISAPI .ida attempt?

...I sometimes run Remote Administrator from Famatech for access over the net. I'll typically block and unblock firewall access to the software as I see fit. I notice in checked those logs attempts to login to the program and it's always seven attempts; never less, never more. Some kiddies out there running scripts for radmin?

Thanks, Egaladeist, looks like it could be a worm...

http://www.webhostingtalk.com/archiv...d/31794-1.html

You can bet your last dollar that there is a fair amount of radmin exploit attempts all over the 'Net. I consider it 'background noise'.

I get a TON of probes and exploits on my clients Pac-rim systems, a lot of which show apparently Chinese points of origin. I think it's as much directed scans as compromised systems that are being controlled from elsewhere. It's not all that special that it comes from China.