|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ing. Daniel Manrique (roadmr_at_entropia.com.mx)
Date: Tue Sep 03 2002 - 12:45:50 CDT
> I know this is for IIS servers but I am seeing a ton of these in ACID to
> my apache server. Should I ignore?
It's usually a worm (nimda/codered) doing automated probes, so it doesn't
really know whether your server'll be affected, it's just shooting in the
dark.
If you know FOR A FACT that your server won't be affected, it's OK to
ignore them or even remove the rule file from snort.conf. That's what I do
since I don't have a single IIS server on my network; altough it was fun
watching the poor worms probing, it got boring fast so I disabled them.
-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]