Re: Curious about port 137 traffic logging
From: Charles Munchow (charlesm_at_nospam.post.com)
Date: 07/28/03
- Previous message: Joe T.: "Re: Creative Nomad Jukebox and Linux"
- In reply to: Moonlit: "Curious about port 137 traffic logging"
- Next in thread: Moonlit: "Re: Curious about port 137 traffic logging"
- Reply: Moonlit: "Re: Curious about port 137 traffic logging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 28 Jul 2003 12:23:39 GMT
Moonlit wrote:
> Hi,
>
> Just a few days ago I have brought my new server online with all the
> latest software (hopefully without too many security breaches). I even saw
> some people try to run some MS-Windows programs by trying to type a url
> with /C<path> in it hoping that it would execute the dos command prompt.
> Great! never thought somebody would actually try to hack my system :-).
>
If the attempt to run a program on c: drive was an HTTP request on port 80,
it was probably a "Code Red" virus on someones infected MS NT4 IIS. It
usually tries and runs root.exe. I see a couple of these attempts on all
our Internet connected web servers every day.
CharlesM.
- Previous message: Joe T.: "Re: Creative Nomad Jukebox and Linux"
- In reply to: Moonlit: "Curious about port 137 traffic logging"
- Next in thread: Moonlit: "Re: Curious about port 137 traffic logging"
- Reply: Moonlit: "Re: Curious about port 137 traffic logging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
