Last week I checked our IIS web server's log file and found the following attack logs. I am using a Cisco PIX and have opened port 80 for our web server. Could anyone tell me what kind of attacks these are and how to block them from my network with the PIX?

#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-03-29 01:39:24 24.157.182.174 - 24.157.93.95 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -

Thanks,
Fei.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
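
Added example, not part of the original post: a log triage script for the W3C extended format shown above. It percent-decodes cs-uri-stem, treats `\` and `/` as the same separator, and reports per client IP the requests whose path contains a `..` segment, together with the path they resolve to. The sample log is constructed (documentation addresses), and the function names are this example's own.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample in the W3C extended format from the post; the addresses are
# documentation ranges and the last two entries are benign controls.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-03-29 01:39:24 192.0.2.10 - 198.51.100.5 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-03-29 01:39:24 192.0.2.10 - 198.51.100.5 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2002-03-29 01:41:10 192.0.2.77 - 198.51.100.5 80 GET /default.htm - 200 Mozilla/4.0
2002-03-29 01:41:12 192.0.2.77 - 198.51.100.5 80 GET /docs/a..b/index.htm - 200 Mozilla/4.0
"""

def parse(log_text):
    """Yield one dict per entry, taking column names from the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def normalize(stem, rounds=3):
    """Percent-decode until stable, then treat '\\' and '/' as the same separator."""
    for _ in range(rounds):
        decoded = unquote(stem)
        if decoded == stem:
            break
        stem = decoded
    return stem.replace("\\", "/").lower()

def find_traversal(log_text):
    """Summarize, per client IP, requests whose decoded path has a '..' segment."""
    report = {}
    for entry in parse(log_text):
        path = normalize(entry["cs-uri-stem"])
        if ".." not in path.split("/"):
            continue  # '..' inside a file name (a..b) is not a parent reference
        item = report.setdefault(entry["c-ip"], {"count": 0, "status": set(), "targets": set()})
        item["count"] += 1
        item["status"].add(entry["sc-status"])
        item["targets"].add(posixpath.normpath(path))  # where the path resolves to
    return report

if __name__ == "__main__":
    for ip, item in find_traversal(SAMPLE_LOG).items():
        print(ip, item["count"], sorted(item["status"]), sorted(item["targets"]))
```

The resolved target shows that both the %5c and %2f requests point outside /scripts at the same file, and the sc-status column records how the server answered each one.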
