Dear Members, 1-We are getting Virus attack message on our proxy(Squid)Machine not only from our own IP Pool but also from outside, Please guide how to tackle it as it is constantly chocking our Bandwidth. i.e. one of the virus attack message we are getting on our proxy(squid) machine is as under:-
1022226226.976 5 202.192.204.130 TCP_Miss/503 1210 Get http://www/_mem_bin/..%255c../..%255../..%255../winnt/system32/cmd.exe? - DIRECT/www - 1022226228.156 6 202.192.204.130 TCP_Miss/503 1266 Get http://www/msadc/..%255c../..%255c../..%255c../..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www - 1022226229.324 3 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www - 1022226230.625 23 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c0%2f../winnt/system32/cmd.exe? - DIRECT/www - 1022226231.841 8 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c0%af../winnt/system32/cmd.exe? - DIRECT/www - ...............................................................................................................................etc etc 2- we want to trace that which IP's are utilizing our maximum bandwidtth so that we can limit that trafiic accordingly in order to get Maximum efficiency? Thank you in advance! Ahmad Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44936&t=44936 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
