[Snort-users] Directory Traversal

Erek Adams erek at ...577...
Sun Sep 30 08:25:03 EDT 2001


On Sun, 30 Sep 2001, Jim Kipp wrote:

> I turned off the IIS rules, but I am still getting frequent alerts of:
> Web-MISC http Directory Traversal. Class: attempted information leak
> Is this related to the nimbda or code red stuff? I tried to check it out
> at whitehats, but that site is still down.

Have a look at the alert.  Notice the 'Web-MISC'?  That rule is in
web-misc.rules not in web-iis.rules.

Related to CR and Nidma?  Well, that's not the alert that I see for those...
:-/  Have a look at the packet payload and it should help you determine what's
going on.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list