[Snort-users] Directory Traversal
erek at ...577...
Sun Sep 30 08:25:03 EDT 2001
On Sun, 30 Sep 2001, Jim Kipp wrote:
> I turned off the IIS rules, but I am still getting frequent alerts of:
> Web-MISC http Directory Traversal. Class: attempted information leak
> Is this related to the nimbda or code red stuff? I tried to check it out
> at whitehats, but that site is still down.
Have a look at the alert. Notice the 'Web-MISC'? That rule is in
web-misc.rules not in web-iis.rules.
Related to CR and Nidma? Well, that's not the alert that I see for those...
:-/ Have a look at the packet payload and it should help you determine what's
Hope that helps!
More information about the Snort-users