A wnt2k server problem?





bgbg
2001-08-19, 08:33 PM
blue :confused: A question for all the experts here! I typed "netstat -n" and got the output below! Is this normal?
Proto Local Address Foreign Address State
TCP 61.216.139.233:1802 61.216.139.233:389 SYN_SENT
TCP 61.216.139.233:1803 61.216.139.233:389 SYN_SENT
TCP 61.216.139.233:1804 61.216.139.233:389 SYN_SENT
TCP 61.216.139.233:1805 61.216.139.233:389 SYN_SENT
TCP 127.0.0.1:389 127.0.0.1:1062 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1080 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1728 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1733 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1785 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1084 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1114 ESTABLISHED
TCP 127.0.0.1:1037 127.0.0.1:389 CLOSE_WAIT
TCP 127.0.0.1:1062 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1080 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1084 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1107 127.0.0.1:389 CLOSE_WAIT
TCP 127.0.0.1:1114 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1728 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1733 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1785 127.0.0.1:389 ESTABLISHED

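I have already updated from Microsoft to pack 2, so why does this show up in my log file as soon as I go online?
The firewall also detects unknown IPs trying to come in on port 80. If I block them with the firewall, the log file has no such entry; if I let them through, the entry below appears. What should I do? I would be very grateful if an expert could point me in the right direction. (I use IIS 5.0 to host the web site, and the firewall is Norton's.)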
61.216.135.214- - [03/Aug/2001:23:00:51 +0800] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 275



evan
2001-08-19, 09:32 PM
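hi! DEAR
I ran into this problem too....
This looks like the aftermath of Code Red!
I reinstalled 2000 and applied SP1 ---> SP2 ---> pre-SP3,
then reconnected, and the web server was normal....
Maybe IIS had a backdoor opened at some point and some programs were changed, but I don't know where they were changed.....
So there was no way to fix it, so I reinstalled! For you, it's your call.....
I trust Microsoft less and less; this tree has grown too big....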

bgbg
2001-08-20, 02:27 PM
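Originally posted by evan
hi! DEAR
I ran into this problem too....
This looks like the aftermath of Code Red!
I reinstalled 2000 and applied SP1 ---> SP2 ---> pre-SP3,
then reconnected, and the web server was normal....
Maybe IIS had a backdoor opened at some point and some programs were changed, but I don't know where they were changed.....
So there was no way to fix it, so I reinstalled! For you, it's your call.....
I trust Microsoft less and less; this tree has grown too big....
:confused: Expert big brother, you say you have already updated to SP3? Could you give it to me, please? Has Microsoft released it? :confused: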

milwater
2001-08-20, 05:14 PM
Congratulations, you've caught the most popular one going around, "Code Red".
Solution:
http://www.pczone.com.tw/showthread.php?t=18366
;)
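
Added example, not part of the original thread: a small Python scan of Common Log Format lines for the `/default.ida?` request shape shown in the first post (a long single-letter filler followed by `%u` escapes), grouped by source address and status code. The sample log lines, the documentation-range IPs, the function names and the 100-character filler threshold are constructed assumptions.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes.
# \s* after the host tolerates the missing space in the posted line ("...214- -").
CLF = re.compile(r'^(?P<src>[0-9.]+)\s*\S+\s+\S+\s+\[(?P<ts>[^\]]+)\]\s+'
                 r'"(?P<req>[^"]*)"\s+(?P<status>\d{3})\s+\S+$')

# Request shape from the first post: /default.ida? + a long run of one letter
# + %uXXXX escapes. The 100-character minimum is an assumed threshold.
PROBE = re.compile(r'GET\s+/default\.ida\?(?P<pad>(?P<c>[A-Za-z])(?P=c){99,})'
                   r'(?P<enc>(?:%u[0-9A-Fa-f]{4})+)')

def scan(lines):
    """Return (hits, unparsed_count) for an iterable of access-log lines."""
    hits, unparsed = [], 0
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            unparsed += 1          # not Common Log Format; count it, do not guess
            continue
        p = PROBE.match(m["req"])
        if p:
            hits.append({"src": m["src"], "time": m["ts"],
                         "status": int(m["status"]),
                         "pad_len": len(p["pad"]),
                         "escapes": p["enc"].count("%u")})
    return hits, unparsed

def summarize(hits):
    """Count probes per (source, status) so repeat sources and non-404 replies stand out."""
    return Counter((h["src"], h["status"]) for h in hits)

# Constructed sample lines (documentation-range IPs, shortened payload).
PAD = "N" * 224
TAIL = "%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0"
SAMPLE = [
    f'192.0.2.10- - [03/Aug/2001:23:00:51 +0800] "GET /default.ida?{PAD}{TAIL}" 404 275',
    f'192.0.2.10 - - [03/Aug/2001:23:04:12 +0800] "GET /default.ida?{PAD}{TAIL}" 404 275',
    f'198.51.100.7 - - [03/Aug/2001:23:09:40 +0800] "GET /default.ida?{PAD}{TAIL}" 200 512',
    '203.0.113.5 - - [03/Aug/2001:23:10:02 +0800] "GET /index.html HTTP/1.0" 200 1024',
    '203.0.113.5 - - [03/Aug/2001:23:10:05 +0800] "GET /default.ida?q=test HTTP/1.0" 404 275',
    'not a log line',
]

if __name__ == "__main__":
    hits, unparsed = scan(SAMPLE)
    for (src, status), n in sorted(summarize(hits).items()):
        print(f"{src} status={status} probes={n}")
    print(f"unparsed lines: {unparsed}")
```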

october
2001-08-22, 11:36 PM
Originally posted by bgbg
blue :confused: A question for all the experts here! I typed "netstat -n" and got the output below! Is this normal?
Proto Local Address Foreign Address State
TCP 61.216.139.233:1802 61.216.139.233:389 SYN_SENT
TCP 61.216.139.233:1803 61.216.139.233:389 SYN_SENT
TCP 61.216.139.233:1804 61.216.139.233:389 SYN_SENT
TCP 61.216.139.233:1805 61.216.139.233:389 SYN_SENT
TCP 127.0.0.1:389 127.0.0.1:1062 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1080 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1728 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1733 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1785 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1084 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1114 ESTABLISHED
TCP 127.0.0.1:1037 127.0.0.1:389 CLOSE_WAIT
TCP 127.0.0.1:1062 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1080 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1084 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1107 127.0.0.1:389 CLOSE_WAIT
TCP 127.0.0.1:1114 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1728 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1733 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1785 127.0.0.1:389 ESTABLISHED

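I have already updated from Microsoft to pack 2, so why does this show up in my log file as soon as I go online?
The firewall also detects unknown IPs trying to come in on port 80. If I block them with the firewall, the log file has no such entry; if I let them through, the entry below appears. What should I do? I would be very grateful if an expert could point me in the right direction. (I use IIS 5.0 to host the web site, and the firewall is Norton's.)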
61.216.135.214- - [03/Aug/2001:23:00:51 +0800] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 275




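Haha!! Relax, you're fine. The left column is your outgoing address and port, and the right column is the remote address and port. Whenever you are online there will be corresponding network IPs. As long as the port on the left is not 80, it is not a Code Red intrusion; someone is just throwing junk packets at you.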