is this an attack attempt?
Gregory Nowak
greg at romualt.dhs.org
Sun Jun 9 22:02:31 EDT 2002
Thanks Aaron. Does this report to the isp of their customers' doings need to be in some sort of special format with a special subject line, or is it just supposed to be an plain e-mail describing what's been happening along with the relevant parts of the logs?
Greg
On Mon, Jun 10, 2002 at 10:29:33AM +1000, Aaron Howell wrote:
> Its an attack attempt all right, but nothing you need to worry about.
> Its an attempt to exploit a buffer overflow (of which there are thousands) in Internet Information Services (the default windows web server).
> It is likely that the person (or persons) launching this attack are simply scanning for any open web server and then trying that query,
> the fact that you're running Linux, not Windows, and are thus immune probably isn't important to them.
> The best way of dealing with activity like this is to cut the relevant bits of your log out,
> find out the isp that owns the block of ips from which the attack originates,
> and send your logs (along with your timezone so they can match against their records) to abuse at that.isp.
> That's usually enough to get the offenders' account shut down.
> Regards
> Aaron
More information about the Speakup
mailing list