Full Disclosure mailing list archives

RE: Need help to find web server attacks signature

From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 22 Oct 2003 15:05:29 -0500

-----Original Message-----
From: Maxime Ducharme [mailto:maxime () pandore-design com] 
Sent: Wednesday, October 22, 2003 12:40 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Need help to find web server 
attacks signature


Hi all,
    i'd need help to identify an attack that happened on one 
of our customer's web server yesterday, I put the log file 
here : 
http://www.pandore-design.com/security/2003-10-21-IIS-attack.t

xt

Looks like a vuln scanner that's designed to try a number of default
install mistakes to see if anything works.  The previous poster may be
correct that it was NIKTO.  Could also be whisker or stealth.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Need help to find web server attacks signature Discini, Sonny (Oct 22)
- <Possible follow-ups>
- Re: Need help to find web server attacks signature Maxime Ducharme (Oct 22)
- RE: Need help to find web server attacks signature Schmehl, Paul L (Oct 22)
  - Re: Need help to find web server attacks signature Maxime Ducharme (Oct 22)