Snort mailing list archives
Re: Directory Traversal
From: Brian <bmc () snort org>
Date: Mon, 1 Oct 2001 00:20:42 -0400
According to Erek Adams:
Then it translates into: Someone used URL with "..\\" in it. If it's got cmd.exe tacked onto it, I'd say it is something like CR or Nimda. Could you post the packet payload? Sanitized of course! :)
Yes. That is triggered by NIMDA. the unicode attacks include that. -brian _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Directory Traversal Erek Adams (Sep 30)
- Re: Directory Traversal Brian (Sep 30)
- Re: Directory Traversal Jim Kipp (Oct 01)
- Re: Directory Traversal Jim Kipp (Oct 01)
- Re: Directory Traversal Brian (Sep 30)