Re: what does this mean

[krista l merrill <kmerr001 () cs fiu edu>]

As far as I know, it's a rather common scan.  It's usually script kiddies
looking for a unpatched Microsoft IIS webserver.  If you run Apache or no
webserver at all, don't worry...

-Kris


 Krista Merrill
 kmerr001 () cs fiu edu

 // Programming is like sex.
 // Make one mistake, and support it the rest of your life.

 Distributed Systems and Network Group  |  Florida
                                        |  International
            School of Computer Science  |  University

On Fri, 5 Apr 2002, Omolayo Salako wrote:

> Hi list
> i am getting a lot of this on one of my sensors, does this mean someone is
> trying to do directory listing on my web server
>
> 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25   GET /scripts/..%
> 25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74 2F 73   %35%63../winnt/s
> 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F   ystem32/cmd.exe?
> 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D   /c+dir HTTP/1.0
> 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E   .Host: www.Conn
> 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A   nection: close.
> 0D 0A
>
>
>
> Molayo Salako.   CISSP
> Network Security Engineer
> Goamerica communications
> T:212-487-7984
> E:osalako () corp goamerica net
> F:212-509-7348
>
> "imagination is more important than knowledge"   -Al Einstein
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users