Hi Fei,
Not sure how much you can do with PIX, just go to Micro$oft web site, search
for URLScan, download it and install on you Web server.
This nice URL checker will block all this crap
Hope this helps
Alex Kvasnytskyy
Lan Admin
DSC
> -----Original Message-----
> From: Fei Yang [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 08, 2002 14-56
> To: [EMAIL PROTECTED]
> Subject: Attack through Port 80
>
>
> Last week I checked our IIS web server's log file and found
> the following attack logs. I am using a Cisco PIX and opened
> port 80 for our web server. Could anyone tell me what kind of
> attack these are and how to block them out of my network by PIX?
>
> #Fields: date time c-ip cs-username s-ip s-port cs-method
> cs-uri-stem cs-uri-query sc-status cs(User-Agent)
> 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
> 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
> 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
> 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET
> /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
>
> Thansk,
> Fei.
>
>
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewal> ls
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
