> These two addresses are probing my webservers to attempt to exploit a Microsoft > vulnerability, looking for root.exe or cmd.exe. Whoever owns them should pull the > plug and clean them up: > > 35.8.224.89 bard.cal.msu.edu > 35.8.195.155 han-lab4.for.msu.edu Gene, Since there's not a high likelihood that the sysadmins for these systems will be following MSUNAG, it would be best to send things like this to [log in to unmask], unless you want to track down the sysadmins or netadmins yourself. Doug Doug Nelson [log in to unmask] Network Manager Ph: (517) 353-2980 Computer Laboratory Michigan State University