On Wednesday 19 September 2001 10:35 am, Arvin V. Carlos wrote:
> We have two NT 4.0 running IIS, suddenly our squid went down because of
> disk space problme, we check our log files and it eats pur disk space
> beacuse of our NT Machines try to resolv this all the time:
>
<snipped>
255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe
> ? - DIRECT/www -
> 1000866350.548 2 208.142.136.115 TCP_MISS/503 1202 GET
> http://www/scripts/.
> .%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
> 1000866350.557 1 208.142.136.115 TCP_MISS/503 1202 GET
> http://www/scripts/.
> .%c0%2f../winnt/system32/cmd.exe? - DIRECT/www -
>
> anyone can explain this? this is a virus? pls HELP!!!
Nimda-infected IIS machines are probing you. Check Bugtraq for original post
of the worm and how to resolve it.
--
Deds Castillo
Infiniteinfo Philippines
http://www.infiniteinfo.com
Hiroshima '45, Chernobyl '86, Windows '95
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
