Hi Greg, I looked at 'em, or at least tried to. But the pix were so small I couldn't' make any of them out. Anyhow, Code Red can't get in unless: 1. You created a Destination Set and are publishing at www.worm.com or 2. Unresolved requests for www are resolving to a published Destination Set. Hopefully, your logs are showing 404 errors for the requests. HTH, Tom www.isaerver.org/shinder -----Original Message----- From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] Sent: Wednesday, March 13, 2002 12:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Explicit Deny does not work, why? http://www.ISAserver.org Well I see some of you have looked at the screen shots... anybody have and clues why these requests are still getting through? Thanks, Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 -----Original Message----- From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] Sent: Wednesday, March 13, 2002 11:58 AM To: [ISAserver.org Discussion List] Subject: [isalist] Explicit Deny does not work, why? http://www.ISAserver.org I've created a series of deny paths (incoming and outgoing) to block any code red attempts from coming into and out of our ISA server. Please see the attached files 1) Snap shot of the ISA server Destination Set and Content Rules. http://www.nfti.com/screen_shot.htm 2) Below A snap shot of our logs showing the requests are still being passed. Can anyone help to explain why the requests are still being allowed through? Thanks, Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 Server (500 Series) Errors Detail Error Code, Timestamp and URL Occurrences % of 5xx Errors 50003/10/2002 05:09:53/scripts/..\../winnt/system32/cmd.exe?/c+dir 1 10.00% 50003/10/2002 05:09:54/scripts/..\../winnt/system32/cmd.exe?/c+dir 3 30.00% 50003/10/2002 05:09:54/scripts/../../winnt/system32/cmd.exe?/c+dir 1 10.00% 50003/10/2002 09:50:31/scripts/..\../winnt/system32/cmd.exe?/c+dir 1 10.00% 50003/10/2002 09:50:34/scripts/../../winnt/system32/cmd.exe?/c+dir 1 10.00% 50003/10/2002 09:50:34/scripts/..\../winnt/system32/cmd.exe?/c+dir 3 30.00% Total for Errors Above 10 100.00% Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')