Security Incidents mailing list archives
Re: IIS Exploit...
From: Brian Caswell <bmc () MITRE ORG>
Date: Wed, 9 May 2001 08:47:33 -0400
Chris Hobbs wrote:
Well, not too much info here - regrettably my snort rules file got zeroed out when whitehats.com changed their format. So, all I have is my IIS logs - however, it's pretty straightforward what happened:
YET ANOTHER REASON NOT TO AUTOMAGICALLY UPDATE YOUR RULESET!!!!!!!!!

Geez. I don't know how many times I have to say this. Automagically downloading rulesets for ANYTHING is a very DUMB idea. If you are deploying anything like this and you want automagic updates to your sensors, at LEAST pull your rules from a LOCALLY administrated copy. And update the LOCAL copy by hand.

-brian
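The following is an added example, not part of the original message or of Snort itself: a shell gate an administrator could run when hand-updating the locally administered copy, so that an empty or reformatted upstream file cannot zero out the rules the sensors pull. The function names, the `MIN_KEEP_PCT` threshold and the list of rule actions matched are assumptions.

```shell
#!/bin/sh
# Added example: vet a hand-fetched Snort ruleset before it replaces the
# locally administered copy that the sensors pull from.
# MIN_KEEP_PCT, the function names and all file paths are assumptions.
MIN_KEEP_PCT=${MIN_KEEP_PCT:-50}   # reject if fewer than this % of rules survive

# Print the number of lines that start with a Snort rule action.
count_rules() {
    n=$(grep -Ec '^[[:space:]]*(alert|log|pass|activate|dynamic)[[:space:]]' "$1" 2>/dev/null || true)
    echo "${n:-0}"
}

# vet_rules CANDIDATE LIVE: succeed only if CANDIDATE looks like a sane successor.
vet_rules() {
    [ -s "$1" ] || { echo "reject: candidate missing or empty" >&2; return 1; }
    new=$(count_rules "$1")
    [ "$new" -gt 0 ] || { echo "reject: no parsable rules (format change?)" >&2; return 1; }
    [ -f "$2" ] || return 0            # first install: nothing to compare against
    old=$(count_rules "$2")
    if [ $((new * 100)) -lt $((old * MIN_KEEP_PCT)) ]; then
        echo "reject: rule count fell from $old to $new" >&2
        return 1
    fi
}

# install_rules CANDIDATE LIVE: keep a backup, then swap in with an atomic rename.
install_rules() {
    vet_rules "$1" "$2" || return 1
    if [ -f "$2" ]; then cp -p "$2" "$2.prev"; fi
    cp "$1" "$2.new.$$" && mv "$2.new.$$" "$2"
}
```

A rejected candidate leaves the live file untouched, and an accepted one leaves the previous ruleset beside it as `.prev` for rollback.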
Current thread:
- IIS Exploit... Chris Hobbs (May 08)
- Re: IIS Exploit... Hugo van der Kooij (May 08)
- Re: IIS Exploit... Bob Johnson (May 10)
- Re: IIS Exploit... Brian Caswell (May 10)
- <Possible follow-ups>
- Re: IIS Exploit... Schmidt, Mike (May 10)