Snort mailing list archives
WEB-IIS cmd.exe access
From: Alwin Raymundo <alrayworld () yahoo com>
Date: Mon, 7 Oct 2002 06:57:16 -0700 (PDT)
Hi Everybody, This morning when I review some of the attacked on our ISS server, I found this HEAD /c/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0\r\n Host: xxx.xxx.xx.297\ and so many more. My question is does my ISS server has been exploited? because most of the time. I always see "Connection Closed" so I dont bother but this time I'm little bit worried. I check also the log files on the ISS server but the IP address of the attacker was not there. All service pack has been installed on this machine I I think). I just want to be sure if my machine is not exploited. anyone can shed light on this matter would be highly aprecciated. Thanks in Advance. ===== Alwin Raymundo __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- WEB-IIS cmd.exe access Alwin Raymundo (Oct 07)
- <Possible follow-ups>
- RE: WEB-IIS cmd.exe access Laverdière Yvan (Oct 07)
- RE: WEB-IIS cmd.exe access Brown, Bobby (US - Hermitage) (Oct 10)