|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alwin Raymundo (alrayworld_at_yahoo.com)
Date: Fri Oct 25 2002 - 06:54:44 CDT
Hi Guys,
I got a massive attack from one IP doing something on
my one IIS server. I already post it, some say that I
should look at the iss log files if they succeded
getting in or not.
Almost a week I puzzled my self because the snort
detect it and log the packets and everything while on
ISS log there is nothing. Absolutely nothing.
BTW, here are the sample logs in snort
HEAD
/samples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir?/c+dir+c:\
HTTP/1.0..Host: xxx.xx.xx.91
Is there any software or utilities that can do this?
let me know because I want to try it myself.
I need your help guys.
Thanks in Advance
Your brother in snort
=====
Alwin Raymundo
__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com
-------------------------------------------------------
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]