RE: Interesting Log entry
- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 19 Jul 2001 17:10:47 -0500
Hi Jim,
It's a good thing I disabled that rule before this happened :-)
Tom
www.isaserver.org/shinder
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, July 19, 2001 5:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Interesting Log entry
http://www.ISAserver.org
The good news is that ISA won't let it pass unless you've added that
request to a destination set and published a web server based on it.
Figure the odds?
Jim Harrison
MCP(2K), A+, Network+, PCG
----- Original Message -----
From: "Franz J Ehrengruber" <franz@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, July 19, 2001 2:18 PM
Subject: [isalist] RE: Interesting Log entry
http://www.ISAserver.org
Thank you ladies and gentlemen to bring above topic to
my attention.
Two of our servers were affected for the last 7 hours.
If it wasn't for this list, it would have taken me a lot
longer to stop this nasty attack.
Please, would everyone apply this patch:
http://www.zdnet.com/zdnn/stories/news/0,4586,5094345,00.html
now, before it is to late. That Code Red worm is spreading rapidly.
Many Thanks to all of you.
Franz J Ehrengruber
MD
IP Telenet UK
franz@xxxxxxxxxxxxx
----- Original Message -----
From: "TRIEU, KENNY" <KTRIEU@xxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, July 19, 2001 9:11 PM
Subject: [isalist] RE: Interesting Log entry
> http://www.ISAserver.org
>
>
>
> I think it's related to the IIS server attack that happen in the last
> few days. Check the following link for more information
> http://www.zdnet.com/zdnn/stories/news/0,4586,5094345,00.html
>
>
>
> -----Original Message-----
> From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Thursday, July 19, 2001 1:02 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Interesting Log entry
>
>
> http://www.ISAserver.org
>
>
> Anyone see a log entry like this recently in their web proxy log?
>
> 204.112.136.51, anonymous, -, N, 7/19/2001, 14:53:54, W3ReverseProxy,
> MIDAS, -, www.worm.[inserted so you don't hurt yourself]com, -, 0,
> 360, 4039, 0, -, TCP, GET, http://www.worm.com[inserted so you don't
> hurt
>
yourself]/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3
>
%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b
> %u53ff%u0078%u0000%u00=a, -, -, 12202, 0x0, Default rule, -
>
> -----Original Message-----
> From: Thomas W. Shinder
> Sent: Thursday, July 19, 2001 2:05 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: isalist
>
>
> http://www.ISAserver.org
>
>
> Hey Everyone,
>
> Stephen is the engine that makes the entire Isaserver.org organizaton
> run. He's the guy that does the stuff behind the scenes, and without
> his leadership, we all wouldn't have the great resources we have in
> www.isaserver.org!
>
> Three cheers for Stephen!
>
> HTH,
> :-)
>
> Tom
> www.isaserver.org/shinder
>
>
> Thomas W Shinder, M.D., MCSE, MCT
>
> -----Original Message-----
> From: David Dellanno [mailto:david@xxxxxxxxxx]
> Sent: Thursday, July 19, 2001 1:39 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] isalist
>
>
>
> -A Jedi's life (Network Admin's life)
>
> ...it will be a hard life..one without reward...without
> remorse....without regret. A path will be place before you... the
> choose is yours alone...do what your think you cannot do. It will be
a
> hard life...but you will find out who... you really are.....
>
> "Qui-Gon Jinn"
>
> Keep up the good work Steve!
> David V. Dellanno
> msdemo.net
> (Cel.) 678.778.7220
> (Res.) 770.736.8794
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> To customise your settings for the list, kindly visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> ktrieu@xxxxxxxxxxxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> To customise your settings for the list, kindly visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
franz@xxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
> To customise your settings for the list, kindly visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
To customise your settings for the list, kindly visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
To customise your settings for the list, kindly visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Other related posts:
