Security Incidents: FW: Win2k hack attempt

FW: Win2k hack attempt

From: Blake R. Swopes <bhodi_at_BIGFOOT.COM>
Date: Sun, 31 Dec 2000 12:19:15 -0800

-----Original Message-----
From: Tony Turk [mailto:u4ia982_at_hotmail.com]
Sent: Sunday, December 31, 2000 11:57 AM
To: bhodi_at_BIGFOOT.COM
Subject: Re: Win2k hack attempt

Definitely looks like msadc RDS flaw. Based on the logs, I seem to
have ruled out unicode. I have tried so-called "0-day" unicode exploits
(via perl, etc) and the logs made by that are quite different. You actually
see the unicode string value in the log. I didn't recognize any real
unicode strings in that. There is a great IIS hardening guide here:
http://www.shebeen.com/iis4_nt4sec.htm You really should be all sealed up
if you follow this guide. Even if you miss a few steps, it is still pretty
much rock solid as far as I could tell. Good luck.

Tony Turk

> Hi list,
>
> Please give your opinion, it's a bit weird...
> Hacking attempt on my win2k server, please try to tell me what is wrong
> with my system, what is the hacking method taken? And any other useful
> information will be great.
> I patched myself with all the patches available.
>
> the log is attached.

Received on Jan 01 2001
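
The distinction drawn in the reply above (Unicode attempts leave the encoded string in the log, while RDS attempts show up as requests to msadc) can be checked mechanically. The following is an added example, not part of the original thread: the log layout, the sample lines, and the names `classify` and `triage` are constructed for illustration, and it assumes the server logs the request path still percent-encoded.

```python
import re

# Constructed sample lines: date time client-ip method uri-stem status.
# Field order and every value are assumptions, not the poster's actual log.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-12-30 21:04:11 192.0.2.10 GET /default.htm 200
2000-12-30 21:04:15 192.0.2.77 GET /msadc/msadcs.dll 200
2000-12-30 21:04:16 192.0.2.77 POST /msadc/msadcs.dll/AdvancedDataFactory.Query 200
2000-12-30 21:05:02 198.51.100.5 GET /scripts/..%c0%af../example.txt 404
2000-12-30 21:05:09 198.51.100.5 GET /scripts/..%C1%9C../example.txt 404
"""

# Requests to the RDS endpoint under /msadc.
RDS_RE = re.compile(r"/msadc/msadcs\.dll", re.IGNORECASE)
# 0xC0 and 0xC1 are never valid UTF-8 lead bytes; they only appear in
# overlong encodings of ASCII characters such as '/' and '\'.
OVERLONG_RE = re.compile(r"%c[01]%[0-9a-f]{2}", re.IGNORECASE)


def classify(uri):
    """Return a label for a suspicious URI, or None if neither pattern matches."""
    if OVERLONG_RE.search(uri):
        return "unicode-traversal"
    if RDS_RE.search(uri):
        return "msadc-rds"
    return None


def triage(log_text):
    """Group suspicious requests by (client ip, label)."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue  # skip W3C directives and short or blank lines
        _date, _time, ip, method, uri, status = fields[:6]
        label = classify(uri)
        if label:
            hits.setdefault((ip, label), []).append((method, uri, status))
    return hits


if __name__ == "__main__":
    for (ip, label), reqs in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ip} {label}: {len(reqs)} request(s)")
```

A log that yields only `msadc-rds` hits and no overlong-encoding hits matches the pattern the reply describes.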
