Re: Urgent please!!!
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 14 Feb 2002 06:44:39 -0800
Those are Nimda scans.
Since the response code is "401", ISA tried to allow the request, but
authorization failure stopped it.
ISA should be blocking those with a 1220x response. How are you publishing
your web sites; IP or name?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Vinaykumar G" <G.Vinay@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, February 13, 2002 22:41
Subject: [isalist] Urgent please!!!
http://www.ISAserver.org
Hi All,
Iam using ISA server in Integrated mode and have published some
webservers behind it and I reguralry check the ISA logs and strangely I
found the following
entries in my ISA log............ What are these entries? please let me know
urgently............
anonymous w3proxy ISA
http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir - -
401 - - -
-anonymous GET
http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir - -
401 - - -
Regards,
vinay.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
