Lsass error - Possible IIS breaking through web request
| c_koeber@myrealbox.com 2005-09-01, 6:02 pm |
| Dear All,
I have an issue with one of my servers running Windows 2003 Server
SP1 crashing with an lsass error:
("The instruction at "0x742ea411" referenced memory at "0x0000000c".
The memory could not be "read")
I believe I narrowed the problem down to the website that I have
running on port 80. The reason is because the time frame of the errors
and the requests all come around the same time. Below is a portion of
my log with all of the bad requests. (Extended W3C - All Options
Checked). I noticed that ALL the bad requests come from the same primary
carrier - Comcast - and that they all come from some computer systems
in the Maryland area. This particular request baffles me, because I
banned this IP address before, so I don't understand why it could have
messed me up.
-----This is the bad request-----------
2005-08-31 03:47:27 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 -
68.33.94.180 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 343
-----End Bad Request-------------------
2005-08-31 04:02:45 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 -
68.145.171.147 HTTP/1.0 - - - 68.33.170.14 500 0 64 0 5697 406
2005-08-31 04:17:21 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 -
68.33.94.180 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 125
2005-08-31 04:25:34 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 -
68.33.25.206 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 93
I solved an lsass issue I had before with a firewall setup, but I need
port 80 open (of course)
My question is what I should do?
Anything will help
Sincerely,
Christopher Koeber
| Bernard Cheah [MVP] 2005-09-06, 2:52 am |
| Replied in .windows.security newsgroup.
Status code is 403.6 - IP address rejected.
I don't quite get your question. IIS is not working?
Machine patched up to date and no virus?
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
<c_koeber@myrealbox.com> wrote in message
news:1125610422.985809.250670@z14g2000cwz.googlegroups.com...
> Dear All,
> I have an issue with one of my servers running Windows 2003 Server
> SP1 crashing with an lsass error:
> ("The instruction at "0x742ea411" referenced memory at "0x0000000c".
> The memory could not be "read")
>
>
> I believe I narrowed the problem down to the website that I have
> running on port 80. The reason is because the time frame of the errors
> and the requests all come around the same time. Below is a portion of
> my log with all of the bad requests. (Extended W3C - All Options
> Checked). I noticed that ALL the bad requests come from the same primary
> carrier - Comcast - and that they all come from some computer systems
> in the Maryland area. This particular request baffles me, because I
> banned this IP address before, so I don't understand why it could have
> messed me up.
>
>
> -----This is the bad request-----------
> 2005-08-31 03:47:27 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 -
> 68.33.94.180 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 343
> -----End Bad Request-------------------
>
>
> 2005-08-31 04:02:45 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 -
> 68.145.171.147 HTTP/1.0 - - - 68.33.170.14 500 0 64 0 5697 406
> 2005-08-31 04:17:21 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 -
> 68.33.94.180 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 125
> 2005-08-31 04:25:34 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 -
> 68.33.25.206 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 93
>
>
> I solved an lsass issue I had before with a firewall setup, but I need
> port 80 open (of course)
>
>
> My question is what I should do?
>
>
> Anything will help
>
>
> Sincerely,
> Christopher Koeber
>
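Added example, not part of the thread: a small parser that splits the log lines quoted above into named W3C fields and groups them by client IP, so the status/substatus pair (such as the 403.6 mentioned in the reply) and the request size can be read directly. The field order is an assumption (the standard IIS 6.0 order with every logging option checked, since the excerpt has no `#Fields:` header), and the function names and the 4096-byte threshold are illustrative.

```python
from collections import defaultdict

# Assumed order: IIS 6.0 W3C Extended logging, all options checked.
FIELDS = ("date time s-sitename s-computername s-ip cs-method cs-uri-stem "
          "cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) "
          "cs(Cookie) cs(Referer) cs-host sc-status sc-substatus "
          "sc-win32-status sc-bytes cs-bytes time-taken").split()

# Meanings for the codes that occur in the excerpt only.
HTTP_STATUS = {"403.6": "IP address rejected", "500.0": "Internal server error"}
WIN32_STATUS = {0: "ERROR_SUCCESS", 64: "ERROR_NETNAME_DELETED"}

# The four records from the first post, rejoined from their wrapped form.
SAMPLE_LOG = """\
2005-08-31 03:47:27 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 - 68.33.94.180 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 343
2005-08-31 04:02:45 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 - 68.145.171.147 HTTP/1.0 - - - 68.33.170.14 500 0 64 0 5697 406
2005-08-31 04:17:21 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 - 68.33.94.180 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 125
2005-08-31 04:25:34 W3SVC1 KITCHEN-COMP 192.168.2.3 GET / - 80 - 68.33.25.206 HTTP/1.0 - - - 68.33.170.14 403 6 64 0 5697 93
"""

def parse_line(line):
    """Return one record as a dict, or None for directives and malformed lines."""
    tokens = line.split()
    if line.startswith("#") or len(tokens) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, tokens))
    rec["status"] = f'{rec["sc-status"]}.{rec["sc-substatus"]}'
    for key in ("sc-win32-status", "sc-bytes", "cs-bytes", "time-taken"):
        rec[key] = int(rec[key])
    return rec

def triage(log_text, big_request=4096):
    """Group records by client IP; big_request is an assumed size threshold."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flags = []
        if rec["cs(User-Agent)"] == "-" and rec["cs-bytes"] >= big_request:
            flags.append("large request with no User-Agent")
        if rec["sc-status"].startswith("5"):
            flags.append("server error")
        by_client[rec["c-ip"]].append(
            (rec["time"], rec["status"], rec["sc-win32-status"], flags))
    return dict(by_client)

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        for t, status, win32, flags in hits:
            print(ip, t, status, HTTP_STATUS.get(status, "?"),
                  WIN32_STATUS.get(win32, win32), flags)
```

On the quoted lines, every record shows 5697 request bytes for a `GET /` with no User-Agent, Cookie or Referer, and a Win32 status of 64.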