Snort mailing list archives
Is someone hacking?
From: "Patric Svensson" <patric.svensson () nt se>
Date: Wed, 2 Jan 2002 11:44:28 +0100
Hello! I get a lot of alerts like this: WEB-IIS cmd.exe access and like this WEB-IIS CodeRed v2 root.exe access. How will I know if the server has been hacked? The payload look like this: "GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir r HTTP/1.0..Host: www..Connnection: close.." For the "WEB-IIS cmd.exe access" alert. If anyone could help me with this I would be very happy. Best Patric Svensson
Current thread:
- Is someone hacking? Patric Svensson (Jan 02)
- Re: Is someone hacking? Matt Kettler (Jan 02)