Help
Page 1 of 1
My IIS WEB Site Log Files (I am in worries)...
#2
clutch 
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3859
- Joined: 29-March 00
Posted 05 November 2002 - 01:29 AM
Looks like a Code-Red style attack. If you install IISLockdown (or at least URLScan) from MS that will harden IIS to that type of attack and reject those URLs.
IISLockdown
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/locktool.asp
URLScan (my fav)
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q307608&id=307608&sd=tech
IISLockdown
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/locktool.asp
URLScan (my fav)
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q307608&id=307608&sd=tech
#4
Butternuts
- stranger
- Group: Members
- Posts: 15
- Joined: 04-November 02
Posted 06 November 2002 - 02:43 AM
The Fact your giving out 404 errors shows that it is not finding what it wants. If those were not there. . . . .worry.
#5
iks
- member
- Group: Members
- Posts: 134
- Joined: 02-August 01
Posted 06 November 2002 - 03:08 AM
Hi!
Yeah IIS was giving out 404, that's good but some of them were 500 (Internal Server Error) and so on...
Okay now I've got one more question:
When I try to telnet to my XP box via port 17 I get this strange qotations... They are making me a little worried:
Okay what is this? Some of my friends are having the same 'problem' but not my brother (he is not running IIS). On port 17 I see TCPSVCS.EXE application.
Thanks for everything,
Yeah IIS was giving out 404, that's good but some of them were 500 (Internal Server Error) and so on...
Okay now I've got one more question:
When I try to telnet to my XP box via port 17 I get this strange qotations... They are making me a little worried:
Code:
iks@iksbox2:~$ telnet <my_domain> 17 Trying <my_IP>... Connected to <my_domain>. Escape character is '^]'. "We have no more right to consume happiness without producing it than to consume wealth without producing it." George Bernard Shaw (1856-1950) Connection closed by foreign host. iks@iksbox2:~$ telnet <my_domain> 17 Trying <my_IP>... Connected to <my_domain>. Escape character is '^]'. "The secret of being miserable is to have leisure to bother about whether you are happy or not. The cure for it is occupation." George Bernard Shaw (1856-1950) Connection closed by foreign host. iks@iksbox2:~$ telnet <my_domain> 17 Trying <my_IP>... Connected to <my_domain>. Escape character is '^]'. "When a stupid man is doing something he is ashamed of, he always declares that it is his duty." George Bernard Shaw (1856-1950) Connection closed by foreign host. iks@iksbox2:~$ telnet <my_domain> 17 Trying <my_IP>... Connected to <my_domain>. Escape character is '^]'. "Man can climb to the highest summits, but he cannot dwell there long." George Bernard Shaw (1856-1950) Connection closed by foreign host.
Okay what is this? Some of my friends are having the same 'problem' but not my brother (he is not running IIS). On port 17 I see TCPSVCS.EXE application.
Thanks for everything,
#6
clutch
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3859
- Joined: 29-March 00
Posted 06 November 2002 - 04:27 AM
Judging by the quotes and the port, I would say that's going to be the Quote of the Day Protocol (QOTD) at work. Just block that (and any other) unused port. Here is a list of ports and what they are (normally) used for:
http://www.iana.org/assignments/port-numbers
http://www.iana.org/assignments/port-numbers
Share this topic:
Page 1 of 1