Snort mailing list archives

Re: web iis attack


From: doswald () nexterna com
Date: Fri, 25 Oct 2002 07:49:57 -0500


Alwin,
     Download a copy of N-Stealth and scan your IIS server from outside
your network; this app will give you an idea of what might be vulnerable
on that server.

Dave Oswald
Senior Network Engineer / Security Analyst
(402) 926-5789
Cell (402) 510-5786

Nexterna, Inc.
Manage Your Mobile Resources
www.nexterna.com




                                                                                                                        
         
Alwin Raymundo <alrayworld () yahoo com>
Sent by: snort-users-admin@lists.sourceforge.net
10/25/2002 06:54 AM

To:      user snort <snort-users () lists sourceforge net>
cc:
Subject: [Snort-users] web iis attack




Hi Guys,

I got a massive attack from one IP doing something on
my one IIS server.  I already posted it; some say that I
should look at the IIS log files to see if they succeeded
getting in or not.

For almost a week I puzzled myself because Snort
detects it and logs the packets and everything, while in the
IIS log there is nothing. Absolutely nothing.

BTW, here are the sample logs in snort
HEAD /samples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir?/c+dir+c: HTTP/1.0..Host: xxx.xx.xx.91

Is there any software or utilities that can do this?
Let me know because I want to try it myself.

I need your help guys.

Thanks in Advance

Your brother in snort

=====
Alwin Raymundo



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
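
For triaging an alert like the one quoted in the message above, here is an added example (not part of the original thread and not Snort code). It percent-decodes the logged request path and flags two-byte sequences that are not valid shortest-form UTF-8 but that a decoder skipping validation would fold into `/` or `\`; the function names and the lenient-decoder model are assumptions made for illustration.

```python
import re

# Request line from the post, rejoined from its wrapped lines (constructed input).
SAMPLE = ("HEAD /samples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/"
          "cmd.exe?/c+dir?/c+dir+c: HTTP/1.0")

PCT = re.compile(rb"%([0-9a-fA-F]{2})")

def pct_decode(raw: bytes) -> bytes:
    """One pass of percent-decoding, bytes in and bytes out."""
    return PCT.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def lenient_fold(data: bytes):
    """Model (assumed) of a decoder that accepts 2-byte UTF-8 unvalidated.

    Returns (folded_text, findings). A pair is a finding when it yields a
    code point below 0x80 (overlong) or its second byte is not 10xxxxxx.
    """
    out, findings, i = [], [], 0
    while i < len(data):
        b = data[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(data):
            nxt = data[i + 1]
            cp = ((b & 0x1F) << 6) | (nxt & 0x3F)
            if cp < 0x80 or (nxt & 0xC0) != 0x80:
                findings.append((i, data[i:i + 2].hex(), chr(cp)))
            out.append(chr(cp))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out), findings

def triage(request_line: str) -> dict:
    """Summarise what the request path becomes after lenient decoding."""
    method, target, _ = request_line.split(" ", 2)
    path = target.split("?", 1)[0]
    folded, findings = lenient_fold(pct_decode(path.encode("latin-1")))
    segments = re.split(r"[\\/]", folded)
    return {
        "method": method,
        "folded_path": folded,
        "bad_sequences": findings,          # (offset, hex bytes, folded char)
        "traversal": ".." in segments,      # parent-directory segment present
        "targets_cmd": folded.lower().endswith("cmd.exe"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each `%c1%1c` in the sample folds to a backslash under this model, so the path contains three parent-directory segments ahead of `winnt/system32/cmd.exe`.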







