Ignore it - its just red alert or another IIS infected machine searching for more uncompromised targets.
Don't start blocking IP ranges or anything, that doesn't really help in the long run. Anyway - I don't want my firewall to start reading into the packets... Better to do that with the web server... You could read the IP of any machine that asks for cmd.exe or whatever and drop their requests for 10 minutes or something... Or just live with it :) -----Original Message----- From: Hamish McBrearty [mailto:[EMAIL PROTECTED] Sent: Thursday, 15 April 2004 3:09 p.m. To: [EMAIL PROTECTED] Subject: Damn webserver scans Hi all I'm sure any of us here who administrer a website have seen these scans that come in every hour of the day looking for "cmd.exe" or "default.ida" and so on. After a bit of Googling about this I've noticed that there are two schools of thought, those who laugh and say that's an IIS exploit and I'm Apache, and those who get annoyed by this an try to put a stop to it with iptables and the like. What do those of us in CLUG do? Laugh or fight back?
