Sidebar: Web Logs

• Use W3C extended format to get full info

• Time Sync with firewalls, other servers

• Look at PUTs and POSTs

  • Vti_bin

  • Scripts

  • Admin.dll

  • Cmd.exe (or any .exe)

  • Directory traversal (..)

  • Long URLs contain % characters