[Snort-sigs] cmd.exe and iisamples

Jerry.L.Rose at ...1475... Jerry.L.Rose at ...1475...
Wed Apr 23 12:08:31 EDT 2003

Go to Microsoft and get the IISLockdown tool. They offer many free security
tools like hfnetcheck too.

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine at ...1441...]
Sent: Wednesday, April 23, 2003 2:13 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] cmd.exe and iisamples

I got a couple of funny things in my snort logs.  The reason I installed
snort is because the windows server was hacked (I don't like windows
anyway) but do these logs mean that they were accessed? or just
attempted?  How can I block access to cmd.exe and iissamples just to
make doubly sure?

[**] WEB-IIS cmd.exe access [**]
04/11-22:55:22.078617 ->
TCP TTL:113 TOS:0x0 ID:4697 IpLen:20 DgmLen:161 DF
***AP**F Seq: 0xA50546C  Ack: 0xC2DF7BCF  Win: 0x2238  TcpLen: 20

[**] WEB-IIS iissamples access [**]
04/11-22:56:11.738609 ->
TCP TTL:113 TOS:0x0 ID:3173 IpLen:20 DgmLen:127 DF
***AP**F Seq: 0xA54488B  Ack: 0xC398F327  Win: 0x2238  TcpLen: 20


This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20030423/2fd53491/attachment.html>

More information about the Snort-sigs mailing list