Thanks Aaron. Does this report to the isp of their customers' doings need to be in some sort of special format with a special subject line, or is it just supposed to be an plain e-mail describing what's been happening along with the relevant parts of the logs? Greg On Mon, Jun 10, 2002 at 10:29:33AM +1000, Aaron Howell wrote: > Its an attack attempt all right, but nothing you need to worry about. > Its an attempt to exploit a buffer overflow (of which there are thousands) in Internet Information Services (the default windows web server). > It is likely that the person (or persons) launching this attack are simply scanning for any open web server and then trying that query, > the fact that you're running Linux, not Windows, and are thus immune probably isn't important to them. > The best way of dealing with activity like this is to cut the relevant bits of your log out, > find out the isp that owns the block of ips from which the attack originates, > and send your logs (along with your timezone so they can match against their records) to abuse at that.isp. > That's usually enough to get the offenders' account shut down. > Regards > Aaron
