Re: IIS W3SVC1 Log File with something else from buffer

From: Bernard (qbernard_at_hotmail.com)
Date: 09/27/03


Date: Sat, 27 Sep 2003 13:05:18 +0800


Are you sure.. those 'abnormal text' is part
your email or other program.

My guess is that - those 'text' is actually from
machines try to attack you with bufferoverflow techniques.

you might want to ensure you machine is patch up to date.
and get ulrscan install to filter unwanted requests.

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Ben" <tainhan@ureach.com> wrote in message
news:Ozz3dMFhDHA.2544@TK2MSFTNGP12.phx.gbl...
> Hi Bernards,
>
> Here are some lines from the logs(within {}):
> {
> 15:42:55 192.168.1.10 - W3SVC1 ABCSTATION 192.168.1.7 80 GET
> /ABC/script.js - 304 0 162 386 <-- Normal Access -I remove some  >
> 15:42:55 192.168.1.10 - W3SVC1 ABCSTATION 192.168.1.7 80 POST
> /ABC/ABC.aspx - 200 0 34025 <-- Normal Access -I remove some  >
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> <BR>
> Note:&nbsp; Your reference number is included in the Subject field of
> this<BR>
> <BR>
> <BR>
> Ben,<BR>
> <BR>
> I tested the CWDSP.ReFFT() function <BR>
> }
>
> I added Blue Note <-- Normal Access -I remove some  >
> The Abnormal Text is from my email
>
> On some of the other logs, The Abnormal Text is unreadable.
> This one is from beginning of the log file:
> {
> MZ                @                                   ?    
> !L!This program cannot
> <Abnomal Text - I remove some - Then the Normal log:>
> #Version: 1.0
> #Date: 2003-04-24 17:21:08
> #Fields: time c-ip cs-method cs-uri-stem sc-status
> 17:21:08 192.168.1.7 GET /index.asp 200
> }
> The Abnormal Part seems like from excuteable file.
>
> To me these abnomal text are from memory buffer.
>
> Ben
>
> "Bernard" <qbernard@hotmail.com> wrote in message
> news:eYRz%23ZkgDHA.3324@TK2MSFTNGP11.phx.gbl...
> > Post some line of those requests log.
> >
> > -- 
> > Regards,
> > Bernard Cheah
> > http://support.microsoft.com/
> > Please respond to newsgroups only ...
> >
> >
> >
> > "Ben" <tainhan@ureach.com> wrote in message
> > news:OMNXcBfgDHA.1748@TK2MSFTNGP10.phx.gbl...
> > > Hi all,
> > >
> > > Sometime I found on my IIS Log File some of other text added in. I
think
> > the
> > > text from the buffer.
> > >
> > > The text may be a part of email I was reading, or a part of data I
> > copy/past
> > > on some word documents.
> > >
> > > My system is win2000 Pro. with all up-to-date MS Critical Update.
> > >
> > > My Norton Antivirus found nothing like virus.
> > >
> > > Have you experienced that problem?
> > >
> > > Please tell me if it is normal and OK?
> > >
> > > Thank you,
> > >
> > > Ben
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>