From owner-freebsd-security Thu Sep 20 9: 8:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from webs1.accretive-networks.net (webs1.accretive-networks.net [207.246.154.13]) by hub.freebsd.org (Postfix) with ESMTP id EA48737B415 for ; Thu, 20 Sep 2001 09:08:13 -0700 (PDT) Received: from localhost (davidk@localhost) by webs1.accretive-networks.net (8.11.1/8.11.3) with ESMTP id f8KF4ED33252; Thu, 20 Sep 2001 08:04:15 -0700 (PDT) Date: Thu, 20 Sep 2001 08:04:14 -0700 (PDT) From: David Kirchner X-X-Sender: To: Dennis Mathiasen Cc: Subject: RE: NIMDA Virus (OT) In-Reply-To: Message-ID: <20010920080301.W85958-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org That's a standard web page for an IIS server, I believe - Not actually owned by Microsoft itself. Their servers are in the 207.46 block. I haven't seen any hits from them this time. I saw *tons* from them during Code Red, though. I'm sure they took the lame approach to security though, and set up a firewall, this one to block outbound port 80 requests. On Thu, 20 Sep 2001, Dennis Mathiasen wrote: > > Also, another M$ site: 216.1.23.10 a page about the NT 4.0 Option pack is > infected. > > Sounds like a news story to me. :) > > > Fyi, in case anyone hasn't noticed, Microsoft's Frontpage site > > `http://www.microsoft.com/frontpage has been infected. > > > > wget -q http://www.microsoft.com/frontpage; tail index.html > > > > (assuming it hasn't been fixed yet) > > This has been fixed now. > > Dennis Mathiasen > dennislm@dreamscape.com > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message