|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alwin Raymundo (alrayworld_at_yahoo.com)
Date: Mon Oct 07 2002 - 08:57:16 CDT
Hi Everybody,
This morning when I review some of the attacked on our
ISS server, I found this
HEAD /c/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0\r\n
Host: xxx.xxx.xx.297\
and so many more.
My question is does my ISS server has been exploited?
because most of the time. I always see "Connection
Closed" so I dont bother but this time I'm little bit
worried.
I check also the log files on the ISS server but the
IP address of the attacker was not there.
All service pack has been installed on this machine I
I think). I just want to be sure if my machine is not
exploited.
anyone can shed light on this matter would be highly
aprecciated.
Thanks in Advance.
=====
Alwin Raymundo
__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]