Looks like the directory transversal attack. 8)
On Mon, 8 Apr 2002 10:32:47 -0400 "Fei Yang" <[EMAIL PROTECTED]> wrote: > *This message was transferred with a trial version of > CommuniGate(tm) Pro* > Last week I checked our IIS web server's log file and > found the following attack logs. I am using a Cisco PIX > and opened port 80 for our web server. Could anyone tell > me what kind of attack these are and how to block them > from my network by PIX? > > #Fields: date time c-ip cs-username s-ip s-port cs-method > cs-uri-stem cs-uri-query sc-status cs(User-Agent) > 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET > /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - > 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET > /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - > 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET > /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - > 2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET > /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 - > > Thansk, > Fei. > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls "Fanaticism consists in redoubling your efforts when you have forgotten your aim." -George Santayana, Philosopher _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
