Snort mailing list archives

RE: eEyeIsTheBest seen in http?

From: Steve Halligan <agent33 () geeksquad com>
Date: Thu, 27 Sep 2001 16:14:44 -0500

This is either Retina or one of Eeye's other vulnerability scanning tools.
Check 'em out at www.eeye.com
Eeye is a legitimate organization, the person using the tool on you may not
be.
BTW, they are scanning for the IIS unicode directory traversal vulnerability
which is used by Nimda and SadMind and others.

-Steve

Subject: [Snort-users] eEyeIsTheBest seen in http?


Has anyone else seen this?

I am seeing a handful of these, from internal machines, 
sometimes going to
other segments in the network as well as to outside systems 
(web servers).


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

eEyeIsTheBest seen in http? Tom Sevy (Sep 27)
- Re: eEyeIsTheBest seen in http? Erek Adams (Sep 27)
- Re: eEyeIsTheBest seen in http? niceshorts (Sep 27)
- <Possible follow-ups>
- RE: eEyeIsTheBest seen in http? Steve Halligan (Sep 27)