Question. I see that an anonymous connection made in my ISA server (Monitor Section) Looking in the log I see many of these log entries 12.32.69.18 anonymous - 2001-09-20 16:03:14 GATEKEEPER - www 10.0.0.32 80 - 96 225 http GET http://10.0.0.32/scripts/..%255c../winnt/system32/cmd.exe?/c+dir Inet 500 12.32.69.18 anonymous - 2001-09-20 16:03:17 GATEKEEPER - www 10.0.0.32 80 16 97 3396 http GET http://10.0.0.32/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir Inet 404 Can I assume by this that ISA is doing it's job? Further how can I setup my ISA server to Block my internal users from being infected while they browse the net? Thanks, Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, September 20, 2001 11:47 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: W32.Nimda Scanner script http://www.ISAserver.org It's a .vbs script. Rename it to W32.Nimda_scanner.vbs and run it in a command window with "cscript w32.nimda_scanner" Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Armando Treviño López" <armando.trevino@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, September 20, 2001 08:35 Subject: [isalist] Re: W32.Nimda Scanner script http://www.ISAserver.org Is that file made in Visual Basic? To what extension do I have to rename it to make it work? Thanks. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, September 19, 2001 11:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: W32.Nimda Scanner script http://www.ISAserver.org This is a multi-part message in MIME format. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')