Looking at the daily m$ advisories, i can tell for sure that cmd.exe can
be used on ANY IIS server configured without care, and that's at least
30% of the machines available out there ...
On Fri, 2001-11-16 at 14:22, Niall O Broin wrote:
> Just had a look in the log file to which accesses to one of my web server
> box's IP address goes i.e. requests not to one of the hosted domains. Since
> Sept. there have been 23000+ attempts to get cmd.exe to do something and
> 4000+ attempts to find root.exe, and this is just on one lonely little box.
> I wonder do script kiddies' attempts now use up more bandwidth than porn ?
>> And do some poor suckers actually have IIS boxes configured in such a way
> that you can execute arbitray commands just by calling cmd.exe ?
> Irish Linux Users' Group: ilug at linux.ie>http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie--
"Linux philosophy: Do it Yourself" L. Torvalds
Stephane Dudzinski Systems Administrator
a n t e f a c t o t: +353 1 8586009
www.antefacto.com f: +353 1 8586014
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!