At 10:35 AM 9/19/2001 +0800, Arvin V. Carlos wrote:
Yes, its either CodeBlue or Nimda trying to expolit Microsoft Web
Folder Transversal vulnerability.
.
>We have two NT 4.0 running IIS, suddenly our squid went down because of
>disk space problme, we check our log files and it eats pur disk space
>beacuse of our NT Machines try to resolv this all the time:
>255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe
>? - DIRECT/www -
>1000866350.455 1 208.142.136.115 TCP_MISS/503 1202 GET
>http://www/scripts/.
>.%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
>anyone can explain this? this is a virus? pls HELP!!!
---
Reynald I. Ngo
[EMAIL PROTECTED]
ph-callcentre - Philippine Call Centre Industry Mailing Lists
To join, send email to [EMAIL PROTECTED]
http://groups.yahoo.com/group/ph-callcentre
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
