so... ive noticed this before in my webserver logs... 68.50.124.251 - - [20/Nov/2003:23:07:12 -0500] "GET /scripts/..%%35c../winnt/ system32/cmd.exe?/c+dir HTTP/1.0" 400 292
so... looks like someone it scanning for a winnt based server they can exploit to me.. anyway, obviously its not an acutal problem, but I figured maybe some of you have had simular issues, and come up with creative solutions... like with ip tables or something :) Jamie -- It's a bird.. It's a plane.. No, it's KernelMan, faster than a speeding bullet, to your rescue. Doing new kernel versions in under 5 seconds flat.. -- Linus, in the announcement for 1.3.27 _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug