RE: Rules - Why does this not work

  • From: "Quillman Shawn (RBNA/CIT1.1)" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 21 Jan 2003 07:50:06 -0500

12209 is ISA's equivalent to the HTTP 407 - Proxy Authentication Required.
Those requests are being denied by the Default Rule.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: Raji Arulambalam [mailto:rajia@xxxxxxxxxxxxxx]
Sent: Tuesday, January 21, 2003 2:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Rules - Why does this not work


http://www.ISAserver.org


Hi Tom

Not sure what it means exactly, but I know the request was blocked by ISA.

Is there a document that has all these various return codes and their
meanings?

BTW I have your second book and am reading thru your defense plan 4 now.
Want to set TSAC.

Cheers

---------------------------------------------
  Raji Arulambalam       
  Systems Administrator          
  Environment Bay of Plenty 
  P O Box 364 Whakatane.
  NEW ZEALAND  


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, January 21, 2003 7:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Rules - Why does this not work




Hi Raji,

What does that 12209 mean to you? ;-)

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
http://tinyurl.com/1jq1
http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Raji Arulambalam [mailto:rajia@xxxxxxxxxxxxxx] 
Sent: Tuesday, January 21, 2003 12:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Rules - Why does this not work




Hi

Why does this set of configuration not stop these trojans instead of the
default rule?

Site and Content Rule Name : Stop Code Red

        Description : Stop the Code Red 
        Enabled : True
        Rule Applies to : Selected Destination Set
        Destination Set Used : Stop Code Red
        Access to the specified destinations : Denied
        Rule Applies to : Any Request
        Rule Applies to : All Content Types

Web Publishing Rule Name : Code Red

        Enabled : True
        Rule Applies to : Selected Destination Set
        Destination Set Used : Stop Code Red
        Action : Discard the request
        Redirect HTTP requests as : HTTP Requests
        Redirect SSL requests as : SSL Requests
        Require SSL for Published Site : False
        Rule Applies to : Any Request

Destination Set Name : Stop Code Red

        DomainName: www
          Path: /*


211.160.21.17	anonymous	-	N	2003-01-21	05:59:33	W3ReverseProxy	CELERIS	-	www	-	-	-	72	-	-	TCP	GET	http://www/scripts/root.exe?/c+dir	-	-	12209	0x0	Default rule	-
211.160.21.17	anonymous	-	N	2003-01-21	05:59:38	W3ReverseProxy	CELERIS	-	www	-	-	-	70	-	-	TCP	GET	http://www/MSADC/root.exe?/c+dir	-	-	12209	0x0	Default rule	-
211.160.21.17	anonymous	-	N	2003-01-21	05:59:40	W3ReverseProxy	CELERIS	-	www	-	-	-	80	-	-	TCP	GET	http://www/c/winnt/system32/cmd.exe?/c+dir	-	-	12209	0x0	Default rule	-
211.160.21.17	anonymous	-	N	2003-01-21	05:59:42	W3ReverseProxy	CELERIS	-	www	-	-	-	80	-	-	TCP	GET	http://www/d/winnt/system32/cmd.exe?/c+dir	-	-	12209	0x0	Default rule	-
24.27.90.89	anonymous	-	N	2003-01-21	06:01:06	W3ReverseProxy	CELERIS	-	www	-	-	-	72	-	-	TCP	GET	http://www/scripts/root.exe?/c+dir	-	-	12209	0x0	Default rule	-
24.27.90.89	anonymous	-	N	2003-01-21	06:01:07	W3ReverseProxy	CELERIS	-	www	-	-	-	70	-	-	TCP	GET	http://www/MSADC/root.exe?/c+dir	-	-	12209	0x0	Default rule	-
24.27.90.89	anonymous	-	N	2003-01-21	06:01:07	W3ReverseProxy	CELERIS	-	www	-	-	-	80	-	-	TCP	GET	http://www/c/winnt/system32/cmd.exe?/c+dir	-	-	12209	0x0	Default rule	-
24.27.90.89	anonymous	-	N	2003-01-21	06:01:08	W3ReverseProxy	CELERIS	-	www	-	-	-	80	-	-	TCP	GET	http://www/d/winnt/system32/cmd.exe?/c+dir	-	-	12209	0x0	Default rule	-
24.27.90.89	anonymous	-	N	2003-01-21	06:01:09	W3ReverseProxy	CELERIS	-	www	-	-	15	96	-	-	TCP	GET	http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir	-	-	12209	0x0	Default rule	-
24.27.90.89	anonymous	-	N	2003-01-21	06:01:10	W3ReverseProxy	CELERIS	-	www	-	-	-	117	-	-	TCP	GET	http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir	-	-	12209	0x0	Default rule	-

---------------------------------------------
  Raji Arulambalam       
  Systems Administrator          
  Environment Bay of Plenty 
  P O Box 364 Whakatane.
  NEW ZEALAND  
--------------------------------------------
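
Added example, not part of the original thread or of ISA Server: a small Python audit that reads records shaped like the ones quoted above and tallies which rule and result code each worm-probe request was logged with, so denials falling through to "Default rule" stand out. The field positions, the helper names and the sample records (documentation-range client addresses, the "200" / "Web site" line) are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote, urlsplit

# Assumption: tab-separated records with the 25 fields seen in this thread.
F_CLIENT, F_URL, F_CODE, F_RULE = 0, 18, 21, 23
PROBE_NAMES = ("cmd.exe", "root.exe")

def parse_record(line):
    f = line.rstrip("\r\n").split("\t")
    if len(f) <= F_RULE:
        return None  # wrapped or truncated record, cannot be trusted
    return {"client": f[F_CLIENT], "url": f[F_URL], "code": f[F_CODE], "rule": f[F_RULE]}

def fully_decode(path, max_rounds=5):
    # Undo nested percent-encoding, e.g. %255c -> %5c -> backslash.
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_probe(url):
    # Normalise the path, then look for the shell names or a traversal step.
    path = fully_decode(urlsplit(url).path).replace("\\", "/").lower()
    return path.endswith(PROBE_NAMES) or "/../" in path

def audit(lines):
    # Count probe requests per (rule, result code) and per client address.
    by_rule, by_client, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            skipped += 1
        elif is_probe(rec["url"]):
            by_rule[(rec["rule"], rec["code"])] += 1
            by_client[rec["client"]] += 1
    return by_rule, by_client, skipped

def make_line(client, url, code="12209", rule="Default rule"):
    # Constructed sample record in the field order of the thread's log.
    return "\t".join([client, "anonymous", "-", "N", "2003-01-21", "05:59:33",
                      "W3ReverseProxy", "CELERIS", "-", "www", "-", "-", "-", "72",
                      "-", "-", "TCP", "GET", url, "-", "-", code, "0x0", rule, "-"])

SAMPLE = [
    make_line("203.0.113.7", "http://www/scripts/root.exe?/c+dir"),
    make_line("203.0.113.7", "http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir"),
    make_line("198.51.100.9", "http://www/index.html", "200", "Web site"),
    "198.51.100.9\tanonymous\t-\tN",  # constructed truncated record
]
```

Calling `audit(SAMPLE)` returns the per-rule counts, the per-client counts and the number of records skipped as unparseable.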




******************************************************
This e-mail has been checked for viruses and no viruses were detected.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')