Nimda scan. Just make sure your box is patched. Andrew Blevins
-----Original Message----- From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 15, 2001 10:18 AM To: [EMAIL PROTECTED] Subject: IIS Hack Attempt Can someone help me decipher this? 11:30:48 207.217.205.149 GET /scripts/root.exe 404 11:30:48 207.217.205.149 GET /MSADC/root.exe 404 11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404 11:30:49 207.217.205.149 GET /d/winnt/system32/cmd.exe 404 11:30:49 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500 11:30:49 207.217.205.149 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 11:30:50 207.217.205.149 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 11:30:50 207.217.205.149 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500 11:30:50 207.217.205.149 GET /scripts/..Á../winnt/system32/cmd.exe 500 11:30:50 207.217.205.149 GET /scripts/winnt/system32/cmd.exe 404 11:30:51 207.217.205.149 GET /winnt/system32/cmd.exe 404 11:30:51 207.217.205.149 GET /winnt/system32/cmd.exe 404 11:30:51 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500 11:30:51 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500 11:30:52 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500 11:30:52 207.217.205.149 GET /scripts/..%2f../winnt/system32/cmd.exe 500 Thanks.