Snort mailing list archives

Re: WEB-IIS cmd.exe access

From: "Ing. Daniel Manrique" <roadmr () entropia com mx>
Date: Tue, 3 Sep 2002 12:45:50 -0500 (CDT)

I know this is for IIS servers but I am seeing a ton of these in ACID to
my apache server. Should I ignore?


It's usually a worm (nimda/codered) doing automated probes, so it doesn't 
really know whether your server'll be affected, it's just shooting in the 
dark.

If you know FOR A FACT that your server won't be affected, it's OK to
ignore them or even remove the rule file from snort.conf. That's what I do
since I don't have a single IIS server on my network; altough it was fun
watching the poor worms probing, it got boring fast so I disabled them.



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

WEB-IIS cmd.exe access Tony Wong (Sep 03)
- Re: WEB-IIS cmd.exe access Ing. Daniel Manrique (Sep 03)