> Very frustrating. bard.cal.msu.edu is my box. It was hit by nimda in september.
> It was formatted and reloaded from a sept 8 backup, fully patched according to
> microsoft downloads and yet it has been exploited again. I am obviously missing
> something but I don't know what. I had noticed unusual activity and had the box
> off the wire before Gene's email went out. I was probed by 184.108.40.206 and
> 220.127.116.11 but my log shows 404's so I don't know how the heck they got in.
> Any help in buttoning this up would be much appreciated.
If you want, we can run our network vulnerability scans against your
system (assuming we get the proper signoffs, etc.). Just send your
request to "[log in to unmask]".
Doug Nelson [log in to unmask]
Network Manager Ph: (517) 353-2980
Michigan State University