RE: Isa log WEBD20020729.log

• From: "Richardson, Stephan" <steric@xxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 29 Jul 2002 10:34:33 -0400

Marcio,

That looks like a Nimda scan hitting your ISA server.  Is the source IP
internal or external?  If internal, shut that host down.

If external, make sure that ALL your IIS enabled devices are secured, and
trying filtering/deny all requests with the those Nimda particular requests,
like cmd.exe etc... Configure your ISA server, and if possible, your
perimeter routers to filter/drop that stuff.

'Luck.


-----Original Message-----
From: Marcio Monteiro [mailto:mmonteiro@xxxxxxxxxx]
Sent: Monday, July 29, 2002 10:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Isa log WEBD20020729.log


http://www.ISAserver.org



This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

Other related posts:

• » Isa log WEBD20020729.log
• » RE: Isa log WEBD20020729.log
• » RE: Isa log WEBD20020729.log

1. Home
2. isalist
3. Archive
4. 07-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---