just started using apache... new to web serving


dasak
07-23-2002, 11:24 AM
I just started all this stuff not too long ago.. tell me what this means in the error log... is this someone attempting to do something to my system? This is in the error log:

msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir 6 -
/d/winnt/system32/cmd.exe?/c+dir 6 -
/c/winnt/system32/cmd.exe?/c+dir 6 -
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir 6 -
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir 6 -
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir 6 -
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 6 -
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir 6 -
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 6 -
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir 6 -
/scripts/root.exe?/c+dir 6 -
/MSADC/root.exe?/c+dir 6 -
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir 6 -
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir

chikn
07-23-2002, 03:47 PM
Windows viruses attacking you - nothing to be alarmed about

dasak
07-23-2002, 04:14 PM
I kinda figured it wasn't a problem since all the commands were Windows commands... but is there any way to stop this stuff? Do people just randomly do this or what?

Thanks for the response


tommy

chikn
07-23-2002, 05:10 PM
People aren't doing that; it is an infected computer trying to infect you, and yes, you can stop it: close port 80 :p

X_console
07-23-2002, 10:31 PM
Don't have to close port 80. Just block the IP from ever connecting to your box again. Only problem is, if it's a dynamic IP, it might eventually be reassigned to a non-infected machine that wants to legitimately connect to your box. When that happens, they'll be blocked.

The better solution is actually to make use of the iptables string matching support. This allows you to match packets by their content and thus drop those that contain identifying strings belonging to a Windows worm. Most common would be "cmd.exe". For more information, check out this article: http://online.securityfocus.com/infocus/1531
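
An added example, not part of the original thread: a Python sketch that lists which client addresses are sending requests like the ones in the log quoted above, which is the information needed for either the per-IP block or the string-match rule discussed in this reply. The Apache common log format, the sample lines (IPs, timestamps, status codes) and all function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample in Apache common log format. Request paths come from the
# log quoted in this thread; IPs, timestamps and status codes are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Jul/2002:11:02:01 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
192.0.2.10 - - [23/Jul/2002:11:02:02 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
192.0.2.10 - - [23/Jul/2002:11:02:03 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
203.0.113.5 - - [23/Jul/2002:11:04:17 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 -
198.51.100.7 - - [23/Jul/2002:11:05:40 -0400] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [23/Jul/2002:11:05:44 -0400] "GET /docs/cmd.exe.html HTTP/1.0" 200 2210
"""

# Client address and request target from one common-log-format line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)')
# A path whose last component is cmd.exe or root.exe, after either separator.
PROBE = re.compile(rb"[/\\](cmd|root)\.exe$")

def decode_fully(path: str, max_rounds: int = 5) -> bytes:
    """Percent-decode until stable, so %255c and %25%35%63 both become a backslash."""
    data = path.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data.lower()

def is_worm_probe(target: str) -> bool:
    """True if the request path (query string removed) ends in cmd.exe or root.exe."""
    return bool(PROBE.search(decode_fully(target.split("?", 1)[0])))

def probes_by_source(log_text: str) -> Counter:
    """Count matching requests per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and is_worm_probe(m.group(2)):
            hits[m.group(1)] += 1
    return hits

if __name__ == "__main__":
    for ip, count in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} probe request(s)")
```

The last sample line is a request that merely contains the string cmd.exe in a longer file name; a substring match on packet content would hit it too, while the path check here does not.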