Security Incidents mailing list archives
Re: Tracking down the still infected hosts
From: Duncan Hill <dhill () cricalix net>
Date: Tue, 25 Sep 2001 17:05:53 -0400 (EDT)
On Tue, 25 Sep 2001, Dale Lancaster wrote:
[Tue Sep 25 16:33:41 2001] [error] [client 199.26.11.171] File does not exist: /some/where/html/_vti_bin/shtml.exe/_vti_rpc It may just be some misconfiguration in our site, but the shtml.exe seems to point to something else since we don't use .exe stuff on our site. These are flooding my site, but we get lots of them over a day.
Frontpage for *nix uses shtml.exe. Possibly an attack. -- Sapere aude My mind not only wanders, it sometimes leaves completely. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Tracking down the still infected hosts Darren Windham (Sep 24)
- Re: Tracking down the still infected hosts Mike Lewinski (Sep 24)
- <Possible follow-ups>
- RE: Tracking down the still infected hosts Martinez, Simon (Sep 24)
- RE: Tracking down the still infected hosts Fulton L. Preston Jr. (Sep 24)
- RE: Tracking down the still infected hosts Ryan McDonnell (Sep 25)
- Re: Tracking down the still infected hosts Kyle R. Hofmann (Sep 25)
- Re: Tracking down the still infected hosts Tina Bird (Sep 25)
- Re: Tracking down the still infected hosts Skip Carter (Sep 25)
- Re: Tracking down the still infected hosts Kyle R. Hofmann (Sep 25)
- Re: Tracking down the still infected hosts Dale Lancaster (Sep 25)
- Re: Tracking down the still infected hosts Duncan Hill (Sep 25)
- Re: Tracking down the still infected hosts Josh Burroughs (Sep 25)
- Message not available
- Re: Tracking down the still infected hosts Nicole Haywood (Sep 25)
- Re: Tracking down the still infected hosts Ryan Russell (Sep 25)