[Snort-users] Preventing Attacks
Keith.McCammon at ...3497...
Wed Jun 26 06:18:03 EDT 2002
Please specify you OS, as well as your sensor placement relative to the target host and any firewalls.
It would also help to specify what type of help you seek. Do you want signature explanations? Do you want to know if your hosts were compromised? Do you want information on hardening your hosts? Do you want to know how to reconfigure your firewall so that Snort doesn't get so much of this crap fired across her bow?
Most of those were off-topic, but you get the point...
From: David Alexandre M. de Carvalho [mailto:david at ...6169...]
Sent: Tuesday, June 25, 2002 9:40 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Preventing Attacks
Hi all !
I've installed SNORT a few months ago to monitor some network activity.
Lately I've noted several messages in the log file, something like:
WEB-IIS cmd.exe [**] [Classification: Web Application Attack] .....
WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack]
SCAN Proxy attempt [**] [Classification: Attempted information leak]
ICMP superscan echo [**] [Classification: Attempted information leak]
WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application
I installed the machines with maximum security, some firewall configuration,
Can anyone help with this ? Any ideas ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users