[Snort-users] WEB-IIS cmd.exe access
alrayworld at ...131...
Mon Oct 7 06:58:38 EDT 2002
This morning when I review some of the attacked on our
ISS server, I found this
HEAD /c/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0\r\n
and so many more.
My question is does my ISS server has been exploited?
because most of the time. I always see "Connection
Closed" so I dont bother but this time I'm little bit
I check also the log files on the ISS server but the
IP address of the attacker was not there.
All service pack has been installed on this machine I
I think). I just want to be sure if my machine is not
anyone can shed light on this matter would be highly
Thanks in Advance.
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
More information about the Snort-users