New zombie fleet looking at webserver root pages??? Started Feb 10, ALL with browser string "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
From: Craig (anonymous_at_illegalhostname.com)
Date: 02/17/04
- Next message: Martin Mathiassen: "Netscreen5 XT and freebsd 4.9 firewall set up HELP NEEDED"
- Previous message: Markus Kraus: "Re: sonicwall soho2 and radmin"
- Next in thread: Micheal Robert Zium: "Re: New zombie fleet looking at webserver root pages??? Started Feb 10, ALL with browser string "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)""
- Reply: Cichlidiot: "Re: New zombie fleet looking at webserver root pages??? Started Feb 10, ALL with browser string "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 17 Feb 2004 04:47:58 -0500
Good-day,
I know this isn't exactly a firewall question, but you guys seem much more on top of these types of things than the "general security" crowd who are all dealing with spyware and mail-worms.
I've never seen anything like this before.
Starting back on Feb 10th 2004 I've found an increasing number of solitary HTTP GET requests to the root page of my webserver. They come from broadband lines spread all over the place, and *ALL* the requests have the same browser identifier, with no referrer. Almost none of the IPs have ever made more than one request.
I mean the usual are malformed/404 requests attempting to exploit old IIS holes, rogue search engines, and spam spiders from Nigeria looking for e-mail addresses (crawling ONLY html pages but without a crawler referrer).
These are all get requests that result in 200 codes.
They *all* have the same ID of "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)".
The IPs do *not* appear anywhere else in my logs, for any other codes (200's, 404's, etc).
I am able to ping about half these IPs.
And it definitely started on the 10th, and by the 13th reached its current steady-state rate of around 20 requests a day.
See the access log grep from February below. Note that a similar grep on January's logs turns up only one or two such hits the entire month.
Any ideas? A new worm looking for a new IIS hole based on the MS source code release that was also around the 10th but that results in benign looking 200 requests on non-IIS webservers????
Cheers,
-Craig
PS: I've verified that the "grep 30038" below has not pulled in a single root page request that accompanied any standard browser request for the root page; none of them had that browser ID!!! The grep merely excludes requests for other more popular pages within my site that came from browsers that happened to have the same browser ID. (My main page is NOT a popular entrypoint or destination, so I'm not surprised no-one browsed it with that specific browser type.)
The whole reason I noticed this is that there were clumps of 4-6 of these in my logs (my site gets approx 30 unique visitors a day) with ZERO requests for the associated images on the root page or any subsequent "browsing" or crawling activity.
> grep "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" ac0402*.log | grep 30038
ac040212.log:68.72.124.77 - - [11/Feb/2004:04:01:24 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040212.log:218.220.85.78 - - [11/Feb/2004:18:47:50 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040213.log:219.109.123.82 - - [12/Feb/2004:00:53:07 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040213.log:218.222.107.220 - - [12/Feb/2004:10:04:51 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040213.log:220.159.111.42 - - [12/Feb/2004:12:26:05 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040213.log:66.72.10.151 - - [12/Feb/2004:18:15:06 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040213.log:68.94.196.201 - - [12/Feb/2004:22:22:41 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040213.log:216.190.71.198 - - [12/Feb/2004:22:31:35 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040213.log:61.184.41.27 - - [12/Feb/2004:23:24:08 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:61.119.187.62 - - [13/Feb/2004:01:45:25 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:221.187.230.130 - - [13/Feb/2004:06:30:36 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:61.223.51.33 - - [13/Feb/2004:08:48:54 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:67.74.252.225 - - [13/Feb/2004:09:18:27 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:216.78.57.232 - - [13/Feb/2004:12:01:38 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:202.247.32.19 - - [13/Feb/2004:12:36:42 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:210.107.27.80 - - [13/Feb/2004:14:55:30 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:63.233.228.48 - - [13/Feb/2004:15:19:11 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:211.18.119.212 - - [13/Feb/2004:15:21:28 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:216.192.148.3 - - [13/Feb/2004:16:07:32 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:81.49.130.74 - - [13/Feb/2004:16:56:44 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:211.120.145.170 - - [13/Feb/2004:18:47:30 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:80.58.20.237 - - [13/Feb/2004:20:31:40 -0500] "GET / HTTP/1.0" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:68.123.54.42 - - [13/Feb/2004:20:51:38 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040214.log:222.3.235.191 - - [13/Feb/2004:21:31:46 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:220.99.161.193 - - [14/Feb/2004:02:09:10 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:68.23.11.40 - - [14/Feb/2004:02:36:44 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:210.180.96.11 - - [14/Feb/2004:02:48:19 -0500] "GET / HTTP/1.0" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:68.123.113.84 - - [14/Feb/2004:03:56:08 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:67.72.212.113 - - [14/Feb/2004:06:35:36 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:220.214.252.39 - - [14/Feb/2004:07:49:27 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:220.221.213.223 - - [14/Feb/2004:08:51:19 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:218.19.33.238 - - [14/Feb/2004:08:56:56 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:69.0.16.155 - - [14/Feb/2004:08:59:03 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:80.58.42.237 - - [14/Feb/2004:12:05:12 -0500] "GET / HTTP/1.0" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:210.132.255.186 - - [14/Feb/2004:12:08:22 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:81.251.122.42 - - [14/Feb/2004:14:14:21 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:80.54.202.16 - - [14/Feb/2004:15:43:13 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:4.65.2.129 - - [14/Feb/2004:15:43:16 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:80.58.50.173 - - [14/Feb/2004:16:06:04 -0500] "GET / HTTP/1.0" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:203.72.170.45 - - [14/Feb/2004:16:50:16 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:65.43.171.176 - - [14/Feb/2004:17:14:57 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:218.169.73.252 - - [14/Feb/2004:18:35:42 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:217.43.37.135 - - [14/Feb/2004:19:04:02 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:80.58.35.237 - - [14/Feb/2004:19:19:00 -0500] "GET / HTTP/1.0" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:4.3.7.48 - - [14/Feb/2004:20:25:15 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:209.153.174.186 - - [14/Feb/2004:21:01:02 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:203.141.89.145 - - [14/Feb/2004:22:17:02 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:67.73.148.47 - - [14/Feb/2004:23:00:18 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040215.log:69.105.132.76 - - [14/Feb/2004:23:51:40 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:165.247.76.184 - - [15/Feb/2004:01:25:59 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:219.110.59.10 - - [15/Feb/2004:01:28:54 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:81.48.46.231 - - [15/Feb/2004:02:21:37 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:221.189.192.29 - - [15/Feb/2004:02:45:03 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:222.136.0.139 - - [15/Feb/2004:05:32:25 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:210.219.150.66 - - [15/Feb/2004:05:49:41 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:61.59.201.126 - - [15/Feb/2004:06:32:21 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:165.247.66.144 - - [15/Feb/2004:08:41:45 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:218.24.23.185 - - [15/Feb/2004:09:06:52 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:67.126.221.15 - - [15/Feb/2004:09:13:33 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:64.218.106.14 - - [15/Feb/2004:10:49:52 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:212.76.253.57 - - [15/Feb/2004:12:46:00 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:67.73.158.152 - - [15/Feb/2004:17:00:21 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:165.121.91.142 - - [15/Feb/2004:19:15:15 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:80.15.202.141 - - [15/Feb/2004:19:30:28 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:68.219.139.39 - - [15/Feb/2004:20:21:01 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:68.161.202.22 - - [15/Feb/2004:20:39:43 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:210.221.64.35 - - [15/Feb/2004:20:50:36 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:66.73.167.46 - - [15/Feb/2004:21:41:44 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:80.58.41.45 - - [15/Feb/2004:21:44:34 -0500] "GET / HTTP/1.0" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040216.log:80.58.13.237 - - [15/Feb/2004:22:46:59 -0500] "GET / HTTP/1.0" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:81.250.68.143 - - [16/Feb/2004:00:51:08 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:220.96.233.217 - - [16/Feb/2004:02:23:12 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:211.131.240.206 - - [16/Feb/2004:07:04:17 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:220.144.131.157 - - [16/Feb/2004:07:19:07 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:4.13.49.22 - - [16/Feb/2004:07:32:29 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:61.202.55.223 - - [16/Feb/2004:08:10:11 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:221.196.32.90 - - [16/Feb/2004:08:36:35 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:68.77.27.254 - - [16/Feb/2004:10:12:29 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:61.193.102.126 - - [16/Feb/2004:11:13:33 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:219.167.89.200 - - [16/Feb/2004:11:57:17 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:62.147.141.61 - - [16/Feb/2004:12:32:15 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:82.64.8.23 - - [16/Feb/2004:16:07:38 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:81.203.124.36 - - [16/Feb/2004:16:27:29 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:65.142.29.31 - - [16/Feb/2004:16:49:03 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:218.171.137.218 - - [16/Feb/2004:19:52:17 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:61.231.63.170 - - [16/Feb/2004:20:06:52 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:165.247.94.180 - - [16/Feb/2004:20:43:53 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:205.185.83.254 - - [16/Feb/2004:20:53:34 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:64.169.7.203 - - [16/Feb/2004:20:59:36 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:68.75.58.65 - - [16/Feb/2004:21:42:33 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:67.0.141.14 - - [16/Feb/2004:22:16:57 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
ac040217.log:64.222.44.116 - - [16/Feb/2004:22:49:57 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
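The grep above relies on the byte count of the root page (30038) as a stand-in for "requested /". The script below is an added example, not part of Craig's post or his logs, that applies the same triage directly to the log fields: it parses NCSA combined-format lines, groups them by client IP, and flags only those IPs whose entire footprint in the log is a single `GET /` answered with 200, an empty referrer, and the suspect User-Agent. An IP that went on to fetch images or any other page with the same UA is dropped, which is the manual check described in the PS. The sample log lines are constructed (RFC 5737 documentation addresses, made-up sizes and paths) purely so the script runs offline; the optional `ac0402xx.log:` filename prefix is accepted so the same code can read grep output like the listing above.

```python
import re
from collections import defaultdict

# NCSA combined log format, with an optional "filename.log:" prefix as
# emitted by "grep pattern *.log":
#   host ident authuser [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?:\S+\.log:)?(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The User-Agent string every probe in the post carried.
SUSPECT_UA = "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"

# Constructed sample data (not real traffic): two lone root-page probes,
# one legitimate visitor with the same UA who also fetched an image,
# one visitor with a different UA, and one 404 scanner with no UA.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Feb/2004:04:01:24 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
192.0.2.11 - - [11/Feb/2004:09:12:00 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
192.0.2.11 - - [11/Feb/2004:09:12:01 -0500] "GET /images/logo.gif HTTP/1.1" 200 4120 "http://www.example.com/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
198.51.100.7 - - [12/Feb/2004:10:04:51 -0500] "GET / HTTP/1.1" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.5 - - [12/Feb/2004:12:26:05 -0500] "GET /default.ida HTTP/1.0" 404 291 "" "-"
ac040213.log:203.0.113.9 - - [12/Feb/2004:18:15:06 -0500] "GET / HTTP/1.0" 200 30038 "" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_lone_root_probe(rec, ua=SUSPECT_UA):
    """True if a single record looks like the probe described in the post:
    GET / answered 200, no referrer ("" or "-"), and the suspect UA."""
    return (
        rec["method"] == "GET"
        and rec["path"] == "/"
        and rec["status"] == "200"
        and rec["referer"] in ("", "-")
        and rec["ua"] == ua
    )


def group_by_ip(lines):
    """Bucket parsed records by client IP, skipping unparseable lines."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    return by_ip


def find_probe_ips(lines, ua=SUSPECT_UA):
    """Return the sorted IPs whose *only* request in the log is a lone root probe.
    An IP that also fetched images or any other URL is a real browser and is dropped."""
    hits = []
    for ip, recs in group_by_ip(lines).items():
        if len(recs) == 1 and is_lone_root_probe(recs[0], ua):
            hits.append(ip)
    return sorted(hits)


def daily_probe_counts(lines, ua=SUSPECT_UA):
    """Count lone root probes per calendar day, to see when the pattern started
    and what steady-state rate it settled at."""
    probes = set(find_probe_ips(lines, ua))
    counts = defaultdict(int)
    for ip, recs in group_by_ip(lines).items():
        if ip in probes:
            day = recs[0]["time"].split(":", 1)[0]   # "11/Feb/2004"
            counts[day] += 1
    return dict(counts)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip in find_probe_ips(lines):
        print("lone root probe:", ip)
    for day, n in sorted(daily_probe_counts(lines).items()):
        print(day, n)
```

Run against a month of real logs by replacing `SAMPLE_LOG.splitlines()` with the lines of the access log files (or the output of the grep in the post). Because the filter keys on the request path rather than the response size, it keeps working after the root page changes size, and the "exactly one request from this IP" condition encodes the absence of image or follow-up requests that made the pattern stand out in the first place.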