From: Reilly (reillyspeakeasy.org)
Date: Mon Nov 12 2001 - 22:31:16 CST

    oops... sorry. I meant UNICODE directory traversal... wrong rant.

    Thanks for the nudge in the right direction HC.

    -----Original Message-----
    From: H C [mailto:keydet89yahoo.com]
    Sent: Monday, November 12, 2001 4:41 PM
    To: reillyspeakeasy.net
    Subject: Re: Nimda Infections

    Reilly,

    I'm not sure I understand what you're talking about.
    You mention Nimda, and then you mention the .hta/.htq
    vulnerability. I'm not clear on what one has to do
    with the other. Nimda doesn't take advantage of that
    particular vulnerability to IIS web servers.

    Thanks,

    Carv

    --- reillyspeakeasy.net wrote:
    > It's amazing to me when I see the amount of systems
    > still infected with Nimda. In today's logs I see a
    > huge amount of systems in the ATT network that are
    > still banging away. I can't even give you the
    > amount of systems that I'm seeing from China. What
    > is so difficult about patching your system against
    > the .hta, .htq vuln? I don't mean to go off on a
    > rant but am I the only one that feels this way? Is
    > everyone else seeing the same activity?
    >
    >
    ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS
    > analyzer service.
    > For more information on this free incident handling,
    > management
    > and tracking system please see:
    > http://aris.securityfocus.com
    >
