Re: IIS W3SVC1 Log File with something else from buffer

From: Bernard (qbernard_at_hotmail.com)
Date: 09/27/03


Date: Sat, 27 Sep 2003 13:05:18 +0800


Are you sure that the 'abnormal text' is part of
your email or another program?

My guess is that the 'text' is actually from
machines trying to attack you with buffer overflow techniques.

You might want to ensure your machine is patched up to date,
and get URLScan installed to filter unwanted requests.

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Ben" <tainhan@ureach.com> wrote in message
news:Ozz3dMFhDHA.2544@TK2MSFTNGP12.phx.gbl...
> Hi Bernard,
>
> Here are some lines from the logs (within {}):
> {
> 15:42:55 192.168.1.10 - W3SVC1 ABCSTATION 192.168.1.7 80 GET
> /ABC/script.js - 304 0 162 386 <-- Normal Access -I remove some  >
> 15:42:55 192.168.1.10 - W3SVC1 ABCSTATION 192.168.1.7 80 POST
> /ABC/ABC.aspx - 200 0 34025 <-- Normal Access -I remove some  >
>
> <BR>
> Note:&nbsp; Your reference number is included in the Subject field of
> this<BR>
> <BR>
> <BR>
> Ben,<BR>
> <BR>
> I tested the CWDSP.ReFFT() function <BR>
> }
>
> I added Blue Note <-- Normal Access -I remove some  >
> The Abnormal Text is from my email
>
> On some of the other logs, The Abnormal Text is unreadable.
> This one is from beginning of the log file:
> {
> MZ                @                                   ?    
> !L!This program cannot
> <Abnormal Text - I remove some - Then the Normal log:>
> #Version: 1.0
> #Date: 2003-04-24 17:21:08
> #Fields: time c-ip cs-method cs-uri-stem sc-status
> 17:21:08 192.168.1.7 GET /index.asp 200
> }
> The Abnormal Part seems to be from an executable file.
>
> To me this abnormal text is from the memory buffer.
>
> Ben
>
> "Bernard" <qbernard@hotmail.com> wrote in message
> news:eYRz%23ZkgDHA.3324@TK2MSFTNGP11.phx.gbl...
> > Post some lines from those request logs.
> >
> > -- 
> > Regards,
> > Bernard Cheah
> > http://support.microsoft.com/
> > Please respond to newsgroups only ...
> >
> >
> >
> > "Ben" <tainhan@ureach.com> wrote in message
> > news:OMNXcBfgDHA.1748@TK2MSFTNGP10.phx.gbl...
> > > Hi all,
> > >
> > > Sometimes I find some other text added into my IIS log file. I think the
> > > text is from the buffer.
> > >
> > > The text may be part of an email I was reading, or part of data I
> > > copy/paste in some Word documents.
> > >
> > > My system is Win2000 Pro with all MS Critical Updates up to date.
> > >
> > > My Norton Antivirus found nothing like a virus.
> > >
> > > Have you experienced that problem?
> > >
> > > Please tell me if it is normal and OK?
> > >
> > > Thank you,
> > >
> > > Ben
>
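
A triage check for the symptom described in this thread, as an added example that is not part of the original posts: it parses a W3C extended log by its `#Fields` directive and reports lines that cannot be log entries. The sample bytes are constructed from the excerpts quoted above, and the function name `find_foreign_lines` is hypothetical.

```python
import re

# Constructed sample modelled on the excerpts quoted in the thread.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00@\x00\x00\x00\r\n"
    b"!L!This program cannot\r\n"
    b"#Version: 1.0\r\n"
    b"#Date: 2003-04-24 17:21:08\r\n"
    b"#Fields: time c-ip cs-method cs-uri-stem sc-status\r\n"
    b"17:21:08 192.168.1.7 GET /index.asp 200\r\n"
    b"Ben,<BR>\r\n"
    b"17:21:09 192.168.1.7 GET /ABC/script.js 304\r\n"
)

# Directives defined by the W3C extended log file format.
DIRECTIVE = re.compile(rb"#(Version|Date|Fields|Software|Start-Date|End-Date|Remark):")
TIME = re.compile(rb"\d{2}:\d{2}:\d{2}$")

def find_foreign_lines(raw):
    """Return (line_number, reason, preview) for lines that are not W3C log content."""
    findings, fields = [], None
    for no, line in enumerate(raw.splitlines(), 1):
        if not line.strip():
            continue
        reason = None
        if any((b < 0x20 and b != 0x09) or b == 0x7F for b in line):
            reason = "control bytes"            # e.g. a PE header fragment
        elif line.startswith(b"#"):
            if not DIRECTIVE.match(line):
                reason = "unknown directive"
            elif line.startswith(b"#Fields:"):
                fields = line.split()[1:]       # column names for the entries below
        elif fields is None:
            reason = "entry before #Fields directive"
        else:
            cols = line.split(b" ")
            if len(cols) != len(fields):
                reason = "field count %d, expected %d" % (len(cols), len(fields))
            elif b"time" in fields and not TIME.match(cols[fields.index(b"time")]):
                reason = "bad time field"
        if reason:
            findings.append((no, reason, line[:40].decode("ascii", "replace")))
    return findings

if __name__ == "__main__":
    for no, reason, preview in find_foreign_lines(SAMPLE):
        print("line %d: %s: %r" % (no, reason, preview))
```
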

