[Snort-users] Is someone hacking?

Patric Svensson patric.svensson at ...4346...
Wed Jan 2 02:44:02 EST 2002

I get a lot of alerts like this: WEB-IIS cmd.exe access and like this
WEB-IIS CodeRed v2 root.exe access. How will I know if the server has
been hacked?
The payload look like this: "GET
/scripts/..%2f../winnt/system32/cmd.exe?/c+dir r HTTP/1.0..Host:
www..Connnection: close.." 
For the "WEB-IIS cmd.exe access" alert. If anyone could help me with
this I would be very happy.
Patric Svensson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020102/57d919ce/attachment.html>

More information about the Snort-users mailing list