[Snort-users] WEB-IIS Cmd attack

Togan Muftuoglu toganm at ...603...
Tue Sep 18 09:08:01 EDT 2001

I am on the list please do not CC me

* cdowns; <cdowns at ...1892...> on 18 Sep, 2001 wrote:
> What is the actual signiture as i have seen nothing yet on my servers in
> NH

Snort is catching it as WEB-IIS cmd.exe access from the snort.org rules
nothing special

Togan Muftuoglu

More information about the Snort-users mailing list