possible IIS exploit on Linux

By guilbaultf
Anyone see their httpd logs filling up with the following queries:
SEARCH ????????????????????

almost appears as DoS attempts


All Comments

by sgt_shultz In reply to possible IIS exploit on L ...

does sasser do that?

by guilbaultf In reply to possible IIS exploit on L ...

Not to my knowledge. sasser would drop invisible exe in root of xp & w2k.

by Joseph Moore In reply to possible IIS exploit on L ...

Naw, not Sasser. It doesn't do any port 80 connections.
I looked through my web server logs for the past 3 days, and nothing in there like this.
Do you have the SEARCH verb enabled, or turned off?

by guilbaultf In reply to possible IIS exploit on L ...

Do you have the SEARCH verb enabled, or turned off?

How, where do I do this?

by peeyush_maurya In reply to possible IIS exploit on L ...

it does look like a DoS attack...

Look in your logs.

See who had telnetted on your box. Do you have any user which was not created by you? Check your network traffic, see if it's the same or increased.

Regards,
Peeyush Maurya
http://www.peeyush.tk/
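
One way to act on the "look in your logs" advice and measure the SEARCH traffic per client, as an added example that is not part of the original thread. SEARCH is a WebDAV method, so it falls outside the methods a plain web server normally sees. The example assumes Apache common/combined log format, a 2048-character threshold for an oversized request URI, and constructed sample lines.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) \S+')
STANDARD = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
MAX_URI_LEN = 2048  # assumption: anything longer is treated as oversized


def summarize(lines, max_uri_len=MAX_URI_LEN):
    """Return (unusual-method hits per (client, method), oversized-URI hits
    per client, count of lines that did not parse)."""
    unusual, oversized, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        host, request, _status = m.groups()
        parts = request.split(" ", 2)
        # Apache logs "-" or raw bytes when no valid request line was received.
        method = parts[0].upper() if parts[0].isalpha() else "<malformed>"
        uri = parts[1] if len(parts) > 1 else ""
        if method not in STANDARD:
            unusual[(host, method)] += 1
        if len(uri) > max_uri_len:
            oversized[host] += 1
    return unusual, oversized, unparsed


# Constructed sample lines (documentation addresses, made-up timestamps).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:06:25:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Jan/2000:06:25:04 +0000] "SEARCH /' + "?" * 3000 + ' HTTP/1.1" 414 340',
    '198.51.100.7 - - [01/Jan/2000:06:25:09 +0000] "SEARCH /' + "?" * 3000 + ' HTTP/1.1" 414 340',
    '203.0.113.5 - - [01/Jan/2000:06:26:00 +0000] "-" 408 -',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    unusual, oversized, unparsed = summarize(SAMPLE)
    for (host, method), n in unusual.most_common():
        print(f"{host}\t{method}\t{n} request(s)\toversized URIs: {oversized[host]}")
    print(f"unparsed lines: {unparsed}")
```

To run it against a real log, pass an open file handle to `summarize()` in place of `SAMPLE`.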
