06-28-2002 07:01 AM - edited 03-08-2019 11:14 PM
Our 3005 Concentrator is working well but I am getting various errors in the event logs that I am unclear on. They are informational but I would like to understand what they mean. The messages are the following:
11350 06/27/2002 23:00:49.460 SEV=4 HTTP/50 RPT=2105 195.65.247.70
HTTP 404 Not Found (/scripts/..%5c%5c../winnt/system32/cmd.exe)
11351 06/27/2002 23:00:49.460 SEV=3 HTTP/10 RPT=2507 195.65.247.70
HTTP 401 Unauthorized: Authorization Not Present
11352 06/28/2002 06:31:11.610 SEV=4 HTTP/50 RPT=2106 12.246.119.46
HTTP 404 Not Found (/scripts/root.exe)
11353 06/28/2002 06:31:11.610 SEV=3 HTTP/10 RPT=2508 12.246.119.46
HTTP 401 Unauthorized: Authorization Not Present
11354 06/28/2002 06:31:11.610 SEV=4 HTTP/13 RPT=2043 12.246.119.46
HTTP 400 Bad Request: Form Error
11355 06/28/2002 06:31:11.820 SEV=4 HTTP/50 RPT=2107 12.246.119.46
HTTP 404 Not Found (/MSADC/root.exe)
11356 06/28/2002 06:31:11.820 SEV=3 HTTP/10 RPT=2509 12.246.119.46
HTTP 401 Unauthorized: Authorization Not Present
11357 06/28/2002 06:31:11.820 SEV=4 HTTP/13 RPT=2044 12.246.119.46
HTTP 400 Bad Request: Form Error
11358 06/28/2002 06:31:12.040 SEV=4 HTTP/50 RPT=2108 12.246.119.46
HTTP 404 Not Found (/c/winnt/system32/cmd.exe)
11359 06/28/2002 06:31:12.040 SEV=3 HTTP/10 RPT=2510 12.246.119.46
HTTP 401 Unauthorized: Authorization Not Present
11360 06/28/2002 06:31:12.040 SEV=4 HTTP/13 RPT=2045 12.246.119.46
HTTP 400 Bad Request: Form Error
11361 06/28/2002 06:31:12.230 SEV=4 HTTP/50 RPT=2109 12.246.119.46
HTTP 404 Not Found (/d/winnt/system32/cmd.exe)
11362 06/28/2002 06:31:12.230 SEV=3 HTTP/10 RPT=2511 12.246.119.46
HTTP 401 Unauthorized: Authorization Not Present
11363 06/28/2002 06:31:12.230 SEV=4 HTTP/13 RPT=2046 12.246.119.46
HTTP 400 Bad Request: Form Error
11364 06/28/2002 06:31:12.410 SEV=4 HTTP/50 RPT=2110 12.246.119.46
HTTP 404 Not Found (/scripts/..%5c../winnt/system32/cmd.exe)
11365 06/28/2002 06:31:12.410 SEV=3 HTTP/10 RPT=2512 12.246.119.46
HTTP 401 Unauthorized: Authorization Not Present
11366 06/28/2002 06:31:12.410 SEV=4 HTTP/13 RPT=2047 12.246.119.46
HTTP 400 Bad Request: Form Error
11367 06/28/2002 06:31:12.600 SEV=4 HTTP/50 RPT=2111 12.246.119.46
HTTP 404 Not Found (/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe)
11368 06/28/2002 06:31:12.600 SEV=3 HTTP/10 RPT=2513 12.246.119.46
HTTP 401 Unauthorized: Authorization Not Present
Thanks
06-28-2002 05:57 PM
I believe you are using HTTP as the administrator protocol to manage the VPN 3005 concentrator.
So the VPN 3005 concentrator will always be listening on TCP port 80 (HTTP) for all the packets; this is the reason why you see many HTTP "not found, Authorized" errors there.
If you want to reduce all these messages, please configure the VPN 3005 to use HTTPS and disable HTTP as the management protocol.
It will resolve your issues there.
07-01-2002 06:20 AM
Thanks, I will do so.
06-29-2002 06:57 PM
Looks like a host infected with Nimda is sending these requests to the VPN3000. If the requests are coming from the inside, do a scan of your hosts with a virus scanner; if they are coming from the outside, then go through:
http://www.cisco.com/warp/public/63/nimda.shtml
and you will find ways to protect your net from it.
07-01-2002 06:24 AM
Would there be any way to set up this protection from Nimda at the concentrator itself, or is the perimeter router the place to set up the protection? Thanks for your help.
07-01-2002 03:09 PM
The VPN 3000 will not be infected by Nimda because it is not itself a Web server.
But it will be affected if you are using HTTP as the management protocol.
Because the 3000 is listening on HTTP, a huge amount of HTTP packets will overload the 3000 CPU and make it hang or crash.
The simplest protection for the VPN 3000 is to disable HTTP and use HTTPS as the management protocol, as I said before.
This way, no matter whether it is "red code" or Nimda or anything else, it will have nothing to do with your VPN 3000.
07-02-2002 04:57 AM
Thanks, I disabled http and the logs are much cleaner now.
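Added example (not part of the original thread): a small Python triage script for the event format shown in the first post, grouping HTTP/50 "404 Not Found" entries by source address when the requested path looks like an IIS worm probe. The probe heuristic and the function names are assumptions made for this illustration; the sample lines are copied from the log above, plus one constructed benign entry.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Header line of an event as posted above: seq, date, time, SEV, class/number, RPT, source IP
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d\d/\d\d/\d{4}) (?P<time>[\d:.]+) "
    r"SEV=(?P<sev>\d+) (?P<event>\w+/\d+) RPT=(?P<rpt>\d+) (?P<src>\d+(?:\.\d+){3})$"
)
NOT_FOUND = re.compile(r"^HTTP 404 Not Found \((?P<path>.*)\)$")
# Heuristic (assumption): executables that only exist on a Windows/IIS host
PROBE = re.compile(r"(cmd|root)\.exe$", re.IGNORECASE)

def is_probe(path):
    """True if the path targets cmd.exe/root.exe or contains directory traversal."""
    decoded = unquote(path).replace("\\", "/")  # %5c decodes to a backslash
    return bool(PROBE.search(decoded)) or "../" in decoded

def worm_sources(log_text):
    """Return {source IP: [requested paths]} for 404 events that look like worm probes."""
    hits = defaultdict(list)
    header = None
    for line in log_text.splitlines():
        line = line.strip()
        match = HEADER.match(line)
        if match:
            header = match  # the message text follows on the next line
            continue
        found = NOT_FOUND.match(line)
        if found and header and header["event"] == "HTTP/50" and is_probe(found["path"]):
            hits[header["src"]].append(found["path"])
        header = None
    return dict(hits)

# Lines copied from the log in the first post; the last event is constructed (benign 404).
SAMPLE = """\
11350 06/27/2002 23:00:49.460 SEV=4 HTTP/50 RPT=2105 195.65.247.70
HTTP 404 Not Found (/scripts/..%5c%5c../winnt/system32/cmd.exe)
11351 06/27/2002 23:00:49.460 SEV=3 HTTP/10 RPT=2507 195.65.247.70
HTTP 401 Unauthorized: Authorization Not Present
11352 06/28/2002 06:31:11.610 SEV=4 HTTP/50 RPT=2106 12.246.119.46
HTTP 404 Not Found (/scripts/root.exe)
11354 06/28/2002 06:31:11.610 SEV=4 HTTP/13 RPT=2043 12.246.119.46
HTTP 400 Bad Request: Form Error
11367 06/28/2002 06:31:12.600 SEV=4 HTTP/50 RPT=2111 12.246.119.46
HTTP 404 Not Found (/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe)
90001 06/28/2002 07:00:00.000 SEV=4 HTTP/50 RPT=1 192.0.2.10
HTTP 404 Not Found (/favicon.ico)
"""

if __name__ == "__main__":
    for src, paths in worm_sources(SAMPLE).items():
        print(src, len(paths), "probe request(s)")
```

Whether a flagged source address is internal or external decides the next step given in the replies above: scan the internal host, or filter at the perimeter.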