Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nikto Web Server Vulnerability Scan Triggers Snort Rule to Fire

From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 14 Apr 2014 13:07:43 -0400
On 4/14/2014 10:49 AM, Teo En Ming wrote:

I went to https://pentest-tools.com/home online penetration testing tools
website and launched Nikto web server vulnerability scan against my web server.
The following alert was generated. Only one alert was generated for the Nikto
web server vulnerability scan. *Is it too few?*


ummm... ANY alert is too many! unless one is using policy rules to track and 
enforce corporate network usage policy... ideally, there will be no alerts 
because there are no defects and no attacks...

as for the alert you posted, do you use coldfusion? do you have the admin 
interface accessible from the outside of your network? if you do not use 
coldfusion or have it installed on your network, you should disable that rule...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: