Subject: RE: Anyone Else Getting Hits Like This ?
From: Mark Weisman (mweisman@gci.net)
Date: Sat Mar 02 2002 - 01:45:55 AKST
As far as the logging goes, I'm not the one to ask. But if you're
nervous about problems, the two products that I installed on mine was
"portsentry" and "hostsentry". Fairly simplistic installs, and although
may offer more logging than just letting a request for an .exe file
bounce around your box for a while.
Thank you,
Mark-Nathaniel Weisman MCP, CNA, A+, MOUS MI
Network Systems Administrator
Career Academy MIS Department
Anchorage, AK
-----Original Message-----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf
Of Jon
Sent: Friday, March 01, 2002 8:43 PM
To: W.D.McKinney
Cc: aklug@aklug.org
Subject: Re: Anyone Else Getting Hits Like This ?
I'm getting that also, is there a way to block it?
Jon
On Wed, 2002-02-27 at 18:14, W.D.McKinney wrote:
>
> Yes, just wondering how prolific it is still :-)
>
> "Jason C. Neumann" <lister@geekvenue.net> wrote:
> >
> > My site's logging quite a few. I believe it's our good 'ol friend
> > nimda or similar.
> >
> > -Jason
> >
> > > 209.34.27.7 - - [27/Feb/2002:08:31:47 -0900] "GET
> > > /scripts/root.exe?/c+dir
> > HTTP/1.0" 404 278
> > > 209.34.27.7 - - [27/Feb/2002:08:31:48 -0900] "GET
> > > /MSADC/root.exe?/c+dir
> > HTTP/1.0" 404 276
> > > 209.34.27.7 - - [27/Feb/2002:08:31:50 -0900] "GET
> > /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
> > > 209.34.27.7 - - [27/Feb/2002:08:31:51 -0900] "GET
> > /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> >
>
>
> --
> W.D.McKinney (Dee)
> (907)349-4308 (Office)
> (907)349-2226 (Fax)
> http://3519098920
>
>
>
This archive was generated by hypermail 2a23 : Sat Mar 02 2002 - 01:51:24 AKST