Snort mailing list archives
Re: web iis attack
From: doswald () nexterna com
Date: Fri, 25 Oct 2002 07:49:57 -0500
Alwin, Download a copy of N-Stealth and scan your IIS server from outside your newtwork, this app will give you an idea of what might be vulnerable on that server. Dave Oswald Senior Network Engineer / Security Analyst (402) 926-5789 Cell (402) 510-5786 Nexterna, Inc. Manage Your Mobile Resources www.nexterna.com NEXTERNA E-MAIL CONFIDENTIALITY NOTICE This transmission is intended to be strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. Alwin Raymundo <alrayworld () yahoo com> To: user snort <snort-users () lists sourceforge net> Sent by: cc: snort-users-admin@lists.sourc Subject: [Snort-users] web iis attack eforge.net 10/25/2002 06:54 AM Hi Guys, I got a massive attack from one IP doing something on my one IIS server. I already post it, some say that I should look at the iss log files if they succeded getting in or not. Almost a week I puzzled my self because the snort detect it and log the packets and everything while on ISS log there is nothing. Absolutely nothing. BTW, here are the sample logs in snort HEAD /samples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir?/c+dir+c: HTTP/1.0..Host: xxx.xx.xx.91 Is there any software or utilities that can do this? let me know because I want to try it myself. I need your help guys. Thanks in Advance Your brother in snort ===== Alwin Raymundo __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- web iis attack Alwin Raymundo (Oct 25)
- <Possible follow-ups>
- Re: web iis attack doswald (Oct 25)
- RE: web iis attack Alwin Raymundo (Oct 25)
- RE: web iis attack Gray . Brendan (Oct 25)
- RE: web iis attack Hicks, John (Oct 25)