Security Incidents mailing list archives
Re: Overwhelmed........
From: "Michael R. Jinks" <mjinks () saecos com>
Date: Thu, 21 Jun 2001 13:07:26 -0500
Mark Andrich wrote:
I just installed Snort on my IIS/Proxy server on Monday. On Tuesday I logged 255 alerts for the unicode exploit. A check of the log file revealed that our server was attacking another server out on the internet.
You might want to double-check this, in particular check the domain of the destination host. I get a false-positive IIS unicode attack in my snort logs every time somebody in my office goes to the "my netscape" web site. Haven't tracked down yet why that is, would appreciate a note from anybody who knows what's really going on.
If your box really is r00ted and attacking somebody then I'm sorry I posted this, and best of luck...
-- ~~~Michael Jinks, IB // Technical Entity // Saecos Corporation~~~~
Current thread:
- Overwhelmed........ Mark Andrich (Jun 21)
- Re: Overwhelmed........ Michael R. Jinks (Jun 22)
- RE: Overwhelmed........ John R. Morris (Jun 22)
- Re: Overwhelmed........ Rune Kristian Viken (Jun 24)
- <Possible follow-ups>
- RE: Overwhelmed........ Oliver Eckel (Jun 24)