Security Incidents mailing list archives

Re: IIS Exploit...


From: Brian Caswell <bmc () MITRE ORG>
Date: Wed, 9 May 2001 08:47:33 -0400

Chris Hobbs wrote:

Well, not too much info here - regrettably my snort rules file got
zeroed out when whitehats.com changed their format. So, all I have is my
IIS logs - however, it's pretty straightforward what happened:

YET ANOTHER REASON NOT TO AUTOMAGICALLY UPDATE YOUR RULESET!!!!!!!!!

Geez.  I don't know how many times I have to say this.  Automagically
downloading rulesets for ANYTHING is a very DUMB idea.  If you are
deploying anything like this and you want automagic updates to your
sensors, at LEAST pull your rules from a LOCALLY administrated copy.
And update the LOCAL copy by hand.

-brian
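
One way to apply the advice above on a sensor, as an added example that is not part of the original message: a guarded install step that copies a ruleset from a locally administered staging file and refuses an empty, unparseable, or sharply shrunken one. The function names, file paths and the 50% threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guarded install of a Snort rules file from a locally
# administered staging copy. Names and the 50% threshold are assumptions.

# Count lines that look like rules (they start with a Snort rule action).
count_rules() {
    grep -Ec '^[[:space:]]*(alert|log|pass|activate|dynamic)[[:space:]]' "$1" 2>/dev/null || true
}

# install_rules STAGED LIVE
# Returns 0 if STAGED was installed as LIVE, 1 if it was rejected.
install_rules() {
    staged=$1
    live=$2

    # An empty or missing staged file is what zeroes out a sensor.
    if [ ! -s "$staged" ]; then
        echo "reject: $staged is missing or empty" >&2
        return 1
    fi

    new=$(count_rules "$staged")
    if [ "${new:-0}" -eq 0 ]; then
        echo "reject: no rule lines in $staged (format change?)" >&2
        return 1
    fi

    # Refuse a sharp drop against the rules currently in use.
    if [ -f "$live" ]; then
        old=$(count_rules "$live")
        if [ "$((new * 2))" -lt "${old:-0}" ]; then
            echo "reject: rule count fell from $old to $new" >&2
            return 1
        fi
        cp -p "$live" "$live.bak" || return 1
    fi

    # Copy next to the live file, then rename, so the sensor never
    # reads a half-written ruleset.
    cp "$staged" "$live.new" && mv "$live.new" "$live"
}
```

A rejected update leaves the live rules untouched, and an accepted one keeps the previous file as a `.bak` copy for rollback.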

