I'll try to explain (to my understanding) what is happening when you see that stuff in your logs, or whatnot.

Those characters are Unicode representations of normal characters. IIS filtered out the normal (non-Unicode) characters, but didn't filter out the Unicode equivalents. The Unicode text you had was trying to get out of the root html directory and get IIS to execute cmd.exe, which is the command prompt. The dir part was getting IIS to run the "dir" command inside of the command prompt, which you probably know will list the folders on your computer. From there, an attacker could explore your system and compromise it.

Luckily, you can patch that vulnerability. I also remember a tutorial a while back where catch used a tool called URLScan that would allow you to control what IIS saw/got. With it, you can prevent all sorts of malicious requests from even reaching IIS to harm it. If you run IIS, and you set up URLScan nicely, I think that you would be much safer than without it. His tut is here: http://www.antionline.com/showthread...hreadid=244658 BTW, I don't mess with IIS too much so I'm not exactly familiar with what goes on with it, etc.

-Tim_axe
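Added example (my own, not Tim_axe's code and not from the linked tutorial): the post's point is that the traversal check ran on the raw request, where the overlong UTF-8 form of "/" did not look like a slash, while the later decode turned it into one. The Python below models both orders of operations, and the normalized path then gives a defender a reliable thing to search logs for; the lenient decoder, the sample request paths and the function names are assumptions.

```python
from urllib.parse import unquote_to_bytes

def lenient_utf8_decode(data: bytes) -> str:
    """Permissive decode like the affected IIS: an overlong C0 AF still yields '/'."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))  # ASCII or a stray byte, taken as-is
            i += 1
    return "".join(out)

def normalize_path(raw_path: str) -> str:
    """Percent-decode, run the lenient decoder, unify slashes, drop the query."""
    path = lenient_utf8_decode(unquote_to_bytes(raw_path)).split("?", 1)[0]
    return path.replace("\\", "/").lower()

def escapes_root(path: str) -> bool:
    """True if walking the segments ever climbs above the web root."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        depth += -1 if seg == ".." else 1
        if depth < 0:
            return True
    return False

def check_before_decoding(raw_path: str) -> bool:
    """Vulnerable order: check the still-encoded path, where %c0%af is not a slash."""
    return escapes_root(raw_path.split("?", 1)[0].replace("\\", "/"))

def check_after_decoding(raw_path: str) -> bool:
    """Fixed order: decode the way the server will, then check."""
    return escapes_root(normalize_path(raw_path))

# Constructed request paths (not from the post); the second one carries an
# overlong-encoded slash inside its traversal sequence.
SAMPLE_REQUESTS = [
    "/index.html",
    "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",
    "/images/logo.gif",
]

def flag_requests(paths):
    """Paths that escape the root once decoded, or that invoke cmd.exe."""
    return [p for p in paths if check_after_decoding(p) or "cmd.exe" in normalize_path(p)]
```

The same request passes `check_before_decoding` and fails `check_after_decoding`, which is exactly the gap the post describes; URLScan-style filtering sits in front of IIS so the request is rejected before either check runs.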