[Snort-users] Directory Traversal

Brian bmc at ...950...
Sun Sep 30 21:22:01 EDT 2001


According to Erek Adams:
> Then it translates into:  Someone used a URL with "..\\" in it.  If it's got
> cmd.exe tacked onto it, I'd say it is something like CR or Nimda.
> 
> Could you post the packet payload?  Sanitized of course! :)

Yes.  That is triggered by NIMDA.  The Unicode attacks include that.

-brian



