From owner-freebsd-stable  Thu Dec 27 18:53:46 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from pr0n.kutulu.org (pr0n.kutulu.org [151.196.107.157])
	by hub.freebsd.org (Postfix) with ESMTP id DEEC737B416
	for <stable@FreeBSD.ORG>; Thu, 27 Dec 2001 18:53:43 -0800 (PST)
Received: from cc191573g (cc191573-g.longhill1.md.home.com [24.37.104.136])
	by pr0n.kutulu.org (Postfix) with SMTP
	id 7E7D9E2; Thu, 27 Dec 2001 21:55:27 -0500 (EST)
Message-ID: <00be01c18f62$d67b5b20$88682518@cc191573g>
From: "Kutulu" <kutulu@kutulu.org>
To: "Peter Ong" <peter@haloflightleader.net>, <stable@FreeBSD.ORG>
References: <013a01c18f48$f156cf20$0101a8c0@haloflightleader.net>
Subject: Re: Trying NT Hacks
Date: Thu, 27 Dec 2001 21:45:20 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

From: "Peter Ong" <peter@haloflightleader.net>
Sent: Thursday, December 27, 2001 6:39 PM


> I don't know what it is with some people.  I post my site here today
because
> I was wondering about why the initial page was gibberrish, and then I get
> crackers.  I finally get home, and I'm reviewing my log files, and I'm
> seeing some folks trying to use IIS/NT exploits on my FreeBSD machine.
It's
> infuriating.

I have some bad news for you.  Those hack attempts weren't because you
posted a URL here.  They were because you have a web server.  Put up a web
server on any IP, without so much as a DNS A record for the IP, and wait an
hour.  You'll have code red all over your logfiles.

It may or may not do much good, but try emailing the owners of some of the
IP's that hit you.  Odds are very very high that they are 'innocent' victims
running unpatched IIS servers that may not even know they're probing you.
And if they have any semblance of clue, they might fix it.

--K



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message