Snort mailing list archives
RE: Preventing Attacks
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Wed, 26 Jun 2002 09:15:40 -0400
Please specify your OS, as well as your sensor placement relative to the target host and any firewalls. It would also help to specify what type of help you seek. Do you want signature explanations? Do you want to know if your hosts were compromised? Do you want information on hardening your hosts? Do you want to know how to reconfigure your firewall so that Snort doesn't get so much of this crap fired across her bow?

Most of those were off-topic, but you get the point...

Cheers

Keith

-----Original Message-----
From: David Alexandre M. de Carvalho [mailto:david () medusa ubi pt]
Sent: Tuesday, June 25, 2002 9:40 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Preventing Attacks

Hi all!

I installed SNORT a few months ago to monitor some network activity. Lately I've noted several messages in the log file, something like:

WEB-IIS cmd.exe [**] [Classification: Web Application Attack] .....
WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] .....
SCAN Proxy attempt [**] [Classification: Attempted information leak]
ICMP superscan echo [**] [Classification: Attempted information leak]
WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] .....

I installed the machines with maximum security, some firewall configuration, etc.

Can anyone help with this? Any ideas?

Thanks.
David Carvalho
Current thread:
- Preventing Attacks David Alexandre M. de Carvalho (Jun 25)
- <Possible follow-ups>
- RE: Preventing Attacks McCammon, Keith (Jun 26)
- Re: Preventing Attacks Jeffrey Taylor (Jun 26)
- Re: Preventing Attacks Jeff Taylor (Jun 27)
- Re: Preventing Attacks John Sage (Jun 28)
- Re: Preventing Attacks Jeffrey Taylor (Jun 26)
- Re: Preventing Attacks Jeffrey Taylor (Jun 27)
- RE: Preventing Attacks Hicks, John (Jun 26)
- RE: Preventing Attacks Slighter, Tim (Jun 26)