[Snort-users] Preventing Attacks

McCammon, Keith Keith.McCammon at ...3497...
Wed Jun 26 06:18:03 EDT 2002

Please specify you OS, as well as your sensor placement relative to the target host and any firewalls.
It would also help to specify what type of help you seek.  Do you want signature explanations?  Do you want to know if your hosts were compromised?  Do you want information on hardening your hosts?  Do you want to know how to reconfigure your firewall so that Snort doesn't get so much of this crap fired across her bow?
Most of those were off-topic, but you get the point...

-----Original Message-----
From: David Alexandre M. de Carvalho [mailto:david at ...6169...]
Sent: Tuesday, June 25, 2002 9:40 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Preventing Attacks

Hi all !

I've installed SNORT a few months ago to monitor some network activity.
Lately I've noted several messages in the log file, something like:

WEB-IIS cmd.exe [**] [Classification: Web Application Attack] .....
WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack]

SCAN Proxy attempt [**] [Classification: Attempted information leak]
ICMP superscan echo [**] [Classification: Attempted information leak]

WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application
Attack] .....

I installed the machines with maximum security, some firewall configuration,
Can anyone help with this ? Any ideas ?
David Carvalho

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020626/9ed65b26/attachment.html>

More information about the Snort-users mailing list