Intrusion attempt ?

[mmendes]

I am running IIS service with OWA on my Win2k/Exchange 5.5 server. Everything is fully patched. I have also ran the IIS lockdown tool with installation of the URL scan feature.

When I check the IIS access log, it routinely shows entries like &quot;80 GET /<Rejected-By-UrlScan>&quot; so I know the URL filter is working.

However, It also occasionally shows &quot;80 GET /scripts/nsiislog.dll - 401 -&quot;. Should I be worried about these attempts to access nsiislog.dll? I am fully pacthed and behind a firewall.

Thank you.

 

[Willis99]

This is not an answer to your specific question. However, if you haven't already done so, consider installing and running the &quot;Baseline Security Analyzer&quot; and checking that server. Even if you are &quot;fully patched,&quot; you might identify some other more subtle security issues.

More information at

http://www.microsoft.com/downloads

Search &quot;Baseline Security Analyzer&quot;

or visit MS page below:

http://www.microsoft.com/downloads/...3b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en