Snort mailing list archives
Preventing Attacks
From: "David Alexandre M. de Carvalho" <david () medusa ubi pt>
Date: Tue, 25 Jun 2002 14:39:48 +0100
Hi all!

I installed SNORT a few months ago to monitor some network activity. Lately I've noted several messages in the log file, something like:

WEB-IIS cmd.exe [**] [Classification: Web Application Attack] .....
WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] .....
SCAN Proxy attempt [**] [Classification: Attempted information leak]
ICMP superscan echo [**] [Classification: Attempted information leak]
WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] .....

I installed the machines with maximum security, some firewall configuration, etc.

Can anyone help with this? Any ideas?

Thanks.
David Carvalho