subject: (Fwd) RE: Web server crashed, now is trying to contact an IP b posted: Sat, 23 Aug 2003 02:12:02 +0100
------- Forwarded message follows -------
From: lsi <[email protected]>
To: "Wajid" <[email protected]>
Subject: RE: Web server crashed, now is trying to contact an IP by port 80 every morning.
Send reply to: [email protected]
Date sent: Sat, 23 Aug 2003 02:10:11 +0100
Hi there,
Sorry for the delay. Start taskmgr with the following sample AT command:
at 03:07 /interactive /every:m,t,w,th,f,s,su
c:\winnt\system32\taskmgr.exe
Cheers for now.
Stuart :)
On 26 Feb 2003 at 21:46, Wajid wrote:
From: "Wajid" <[email protected]>
To: <[email protected]>
Subject: RE: Web server crashed, now is trying to contact an IP by port 80 every morning.
Date sent: Wed, 26 Feb 2003 21:46:31 -0000
> How do you start taskmgr with an AT command?
>
> Regards,
> W
>
> -----Original Message-----
> From: lsi [mailto:[email protected]]
> Sent: 25 February 2003 00:30
> To: Dan Harpold
> Cc: [email protected]
> Subject: Re: Web server crashed, now is trying to contact an IP by port 80
> every morning.
>
> Hi Dan,
>
> I'd monitor which process initiates the transfer by using a program such as
> FPORT.
>
> http://www.mamma.com/Mamma?timeout=4&lang=1&affiliate_id=9282&query=fport >
> Then you can terminate the process and delete the executable, etc.
>
> If you can't terminate the process because it has SYSTEM privileges, start
> the Task Manager with an AT
> command (set it for two minutes into the future). Task Manager will then
> also be running as SYSTEM, and
> allow you to kill the process.
>
> Cheers for now.
> Stuart
>
> On 23 Feb 2003 at 21:20, Dan Harpold wrote:
>
> Subject: Web server crashed, now is trying to contact an IP
> by port 80 every morning.
> Date sent: Sun, 23 Feb 2003 21:20:01 -0600
> From: "Dan Harpold" <[email protected]>
> To: <[email protected]>
>
> > My web server crashed the other day. Got a blue screen and on reboot
> > NTLDR was missing. I reinstalled and reformatted the drive. Simple W2K
> > Server with IIS 5 and current service packs. It sits in a DMZ.
> >
> > Now, each morning (only 2 days so far) at 12:00:45 AM, the machine is
> > trying to contact an outside server via HTTP. The external request,
> > which is being blocked by my firewall, is trying to go to 64.0.96.14. It
> > logs about fifteen attempts over the next ten seconds, then doesn't
> > appear until the next morning.
> >
> > Any thoughts?
> >
> > Dan
> >
> >
> >
> ----------------------------------------------------------------------------
> >
> >
Lose another weekend managing your IDS?
> > Take back your personal time.
> > 15-day free trial of StillSecure Border Guard.
search: