Snort mailing list archives

Re: cmd.exe

From: "Michael Scheidell" <scheidell () fdma com>
Date: Mon, 29 Apr 2002 10:03:00 -0400


----- Original Message ----- 
From: "Ronald Prins" <prins () fox-it com>
Newsgroups: local.snort.users
Sent: Monday, April 29, 2002 4:37 AM
Subject: [Snort-users] cmd.exe

We are monitoring multiple sensors for a number of customers (The
Netherlands). We noticed a recent increase in the number of SID: 1002
"cmd.exe" attempts. 

Have others noticed the same?

Massive increase, all over, cmd.exe, root.exe, vti-bin, etc.
Code red awoke...

FlexResp question:

which response do you think? rst_all icmp_host? what?


Ronald.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

---


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

cmd.exe Ronald Prins (Apr 29)
- Re: cmd.exe Martin Forest (Apr 29)
- Re: cmd.exe Grace Pittmon (Apr 29)
- Re: cmd.exe Michael Scheidell (Apr 29)
- <Possible follow-ups>
- RE: cmd.exe Potts, Ross A. (Apr 29)