[Snort-users] Preventing Attacks

David Alexandre M. de Carvalho david at ...6169...
Tue Jun 25 20:48:02 EDT 2002

Hi all !

I've installed SNORT a few months ago to monitor some network activity.
Lately I've noted several messages in the log file, something like:

WEB-IIS cmd.exe [**] [Classification: Web Application Attack] .....
WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack]

SCAN Proxy attempt [**] [Classification: Attempted information leak]
ICMP superscan echo [**] [Classification: Attempted information leak]

WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application
Attack] .....

I installed the machines with maximum security, some firewall configuration,
Can anyone help with this ? Any ideas ?
David Carvalho

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020625/3311a823/attachment.html>

More information about the Snort-users mailing list