I have the same problem... Most likely it's someone's computer infected
with one of these lovely worms that's going around. The program will
just keep hitting systems until they're taken off the net, or the
program is removed. It's unlikely that command.com would do them any
good as I don't think 16-bit command.com would run in IIS's 32-bit
memory space.. Definitely would be something neat to test though.
Eric
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On
> Behalf Of Manuel de Aguiar
> Sent: Tuesday, September 25, 2001 10:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: COMSPEC
>
> Hello Frank & Bill,
> Thank you for your post. My Tango server is attacked at least 100
every
> day with someone trying to break in to execute my cmd.exe.
> As soon as I read Frank's post, I ran a search and sure enough I found
> command.com in my WINNT/System32 directory. (This probably qualifies
> for a slap on the forehead..... Sami I owe the kiddy) I am glad that
> all the attacks have targeted the use of my cmd.exe and not the
> command.com or they would have succeeded again in screwing up my Tango
> Server.
> Anyone that has an Internet server make sure to change the execute
> permission of cmd.exe and command.com.
> Manuel
>
> Bill Downall wrote:
>
> > Frank,
> >
> > Microsoft operating systems get confused by R:Base for DOS.
> > R:Base starts out looking like a 16-bit DOS program, which would
> > typically use COMMAND.COM, but then switches to 32bit protected
> > mode by running DOS4GW.EXE. So you can zip to either CMD.EXE
> > (note the spelling), the 32-bit native NT/W2K command processor, or
> > its 16-bit baby brother COMMAND.COM.
> >
> > Open a "command prompt" and type
> >
> > SET | MORE
> >
> > You will see that COMSPEC is set to CMD.EXE
> >
> > Then, at the command prompt, type
> >
> > COMMAND.COM
> >
> > When you get back to a prompt, type again:
> >
> > SET | MORE
> >
> > and you'll see that the comspec is different, and there may be some
> > other differences in environment variables that are not used in
> > COMMAND.COM but that are used in CMD.EXE.
> >
> > syntax and options are slightly different between the two, so,
> > depending on what the "whatever" is on your command line, you may
> > actually prefer to launch CMD.EXE rather than COMMAND.COM. Both
> > command processors should start from R:Base for DOS.
> >
> > Bill
> >
> > On Tue, 25 Sep 2001 18:29:17 -0700, Frank Radice wrote:
> >
> > >Is the ComSpec correct? Why does it have COMMAND.COM?
> > Should it be
> > >CMD.COM? Is this or can this cause a problem?
