Snort mailing list archives
Re: WEB-IIS cmd.exe access
From: "Ing. Daniel Manrique" <roadmr () entropia com mx>
Date: Tue, 3 Sep 2002 12:45:50 -0500 (CDT)
I know this is for IIS servers but I am seeing a ton of these in ACID to my apache server. Should I ignore?
It's usually a worm (nimda/codered) doing automated probes, so it doesn't really know whether your server'll be affected, it's just shooting in the dark. If you know FOR A FACT that your server won't be affected, it's OK to ignore them or even remove the rule file from snort.conf. That's what I do since I don't have a single IIS server on my network; altough it was fun watching the poor worms probing, it got boring fast so I disabled them. ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- WEB-IIS cmd.exe access Tony Wong (Sep 03)
- Re: WEB-IIS cmd.exe access Ing. Daniel Manrique (Sep 03)