Re: W32.Nimda Scanner script

• From: "Greg Foulks" <greg.foulks@xxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 20 Sep 2001 12:08:37 -0400

Question. I see that an anonymous connection made in my ISA server (Monitor
Section)

Looking in the log I see many of these log entries

12.32.69.18     anonymous       -       2001-09-20      16:03:14        
GATEKEEPER      -       www     10.0.0.32       80      -
96      225     http    GET
http://10.0.0.32/scripts/..%255c../winnt/system32/cmd.exe?/c+dir        Inet    
500
12.32.69.18     anonymous       -       2001-09-20      16:03:17        
GATEKEEPER      -       www     10.0.0.32       80      16
97      3396    http    GET
http://10.0.0.32/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir       Inet    
404


Can I assume by this that ISA is doing it's job?

Further how can I setup my ISA server to Block my internal users from being
infected while they browse the net?

Thanks,

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, September 20, 2001 11:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: W32.Nimda Scanner script


http://www.ISAserver.org


It's a .vbs script.  Rename it to W32.Nimda_scanner.vbs and run it in a
command window with "cscript w32.nimda_scanner"

Jim Harrison
MCP(2K), A+, Network+, PCG


----- Original Message -----
From: "Armando Treviño López" <armando.trevino@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, September 20, 2001 08:35
Subject: [isalist] Re: W32.Nimda Scanner script


http://www.ISAserver.org



Is that file made in Visual Basic?
To what extension do I have to rename it to make it work?
Thanks.


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, September 19, 2001 11:49 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: W32.Nimda Scanner script


http://www.ISAserver.org



This is a multi-part message in MIME format.

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script
• » Re: W32.Nimda Scanner script

1. Home
2. isalist
3. Archive
4. 09-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---