Feature Pack 1 - URLScan

• From: Raji Arulambalam <rajia@xxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 26 Feb 2003 12:45:10 +1300

Hi

What needs adding to the URLSCAN.ini file to catch these attacks.??

217.96.188.1    anonymous       -       N       2003-02-25      23:33:19
w3proxy CELERIS -       www     -       -       -       96      3551    http
TCP     GET     http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir
-       -       502     -       -       -

I have added these various combinations  '.exe?' , '?/' , '/c+' to the ini
file, but non seem to catch this. 
I want to remove this so it does not clog up my iis server logs.

Any clues.????


---------------------------------------------
  Raji Arulambalam       
  Systems Administrator          
  Environment Bay of Plenty 
  P O Box 364 Whakatane.
  NEW ZEALAND  
--------------------------------------------




******************************************************
This e-mail has been checked for viruses and no viruses were detected.

Other related posts:

• » Feature Pack 1 - URLScan
• » RE: Feature Pack 1 - URLScan
• » RE: Feature Pack 1 - URLScan
• » RE: Feature Pack 1 - URLScan

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---