Security Incidents mailing list archives

New Worm or Attack


From: "VanMeter, John" <John.VanMeter () ost dot gov>
Date: Tue, 18 Sep 2001 12:31:11 -0400

I've seen the following attacks on one of my servers in the DMZ:

An attempt was made to run a program in the system32 directory from the IIS
server. - MS00-057 - "File Permission Canonicalization" Vulnerability 

HTTP URL Scans

URL contains a pattern that allows a remote intruder to access files or
run programs on the web server machines.


Is this what everyone else is seeing?


John van Meter
WIN2K System Administrator
202.366.9884
____
Never let formal schooling interfere with your education
Disclaimer: My own two cents


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

