same www scripts in ISA Logs Urgent!!!

• From: Vinaykumar G <G.Vinay@xxxxxxxxx>
• To: isalist@xxxxxxxxxxxxx
• Date: Wed, 20 Feb 2002 19:25:30 -0800

Hi All,
        Iam also getting the same scripts in ISA Logs. But I see in my logs
the 401 message indicating ISA did not allow the script to be executed, is
that the case?
Below is the scripts i found in ISA Logs. What is that script
www/c/wint/system32.....    what exactly is someone trying to do, How do I
block these scripts from getting executed. Please let me know urgently.
anonymous       -       N       2002-02-20      01:21:01        w3proxy ISA
-       www     -       -       -       70      3518    http    TCP     GET
http://www/MSADC/root.exe?/c+dir        -       -       401     -       -
-
        anonymous       -       N       2002-02-20      01:21:03
w3proxy ISA     -       www     -       -       -       80      3518    http
TCP     GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       -
401     -       -       -
        anonymous       -       N       2002-02-20      01:21:05
w3proxy ISA     -       www     -       -       -       80      3518    http
TCP     GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       -
401     -       -       -
        anonymous       -       N       2002-02-20      01:21:07
w3proxy ISA     -       www     -       -       -       96      3518    http
TCP     GET     http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
-       -       401     -       -       -
-       -               

Regards,
vinay.

Other related posts:

• » same www scripts in ISA Logs Urgent!!!
• » Re: same www scripts in ISA Logs Urgent!!!

1. Home
2. isalist
3. Archive
4. 02-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---