Security Incidents mailing list archives

Re: Overwhelmed........

From: "Michael R. Jinks" <mjinks () saecos com>
Date: Thu, 21 Jun 2001 13:07:26 -0500

Mark Andrich wrote:

I just installed Snort on my IIS/Proxy server on Monday. On Tuesday I logged
255 alerts for the unicode exploit. A check of the log file revealed that
our server was attacking another server out on the internet.

You might want to double-check this, in particular check the domain ofthe destination host. I get a false-positive IIS unicode attack in mysnort logs every time somebody in my office goes to the "my netscape"web site. Haven't tracked down yet why that is, would appreciate a notefrom anybody who knows what's really going on.

If your box really is r00ted and attacking somebody then I'm sorry Iposted this, and best of luck...


--
~~~Michael Jinks, IB // Technical Entity // Saecos Corporation~~~~

Current thread:

Overwhelmed........ Mark Andrich (Jun 21)
- Re: Overwhelmed........ Michael R. Jinks (Jun 22)
- RE: Overwhelmed........ John R. Morris (Jun 22)
- Re: Overwhelmed........ Rune Kristian Viken (Jun 24)
- <Possible follow-ups>
- RE: Overwhelmed........ Oliver Eckel (Jun 24)