[Snort-users] web iis attack

doswald at ...6357... doswald at ...6357...
Fri Oct 25 05:51:07 EDT 2002


Alwin,
     Download a copy of N-Stealth and scan your IIS server from outside
your newtwork, this app will give you an idea of what might be vulnerable
on that server.

Dave Oswald
Senior Network Engineer / Security Analyst
(402) 926-5789
Cell (402) 510-5786

Nexterna, Inc.
Manage Your Mobile Resources
www.nexterna.com

NEXTERNA E-MAIL CONFIDENTIALITY NOTICE
This transmission is intended to be strictly confidential. If you are not
the intended recipient of this message, you may not disclose, print, copy
or disseminate this information. If you have received this in error, please
reply and notify the sender (only) and delete the message. Unauthorized
interception of this e-mail is a violation of federal criminal law.



                                                                                                                                 
                    Alwin Raymundo                                                                                               
                    <alrayworld at ...131...>               To:     user snort <snort-users at lists.sourceforge.net>                  
                    Sent by:                             cc:                                                                     
                    snort-users-admin at ...635...        Subject:     [Snort-users] web iis attack                               
                    eforge.net                                                                                                   
                                                                                                                                 
                                                                                                                                 
                    10/25/2002 06:54 AM                                                                                          
                                                                                                                                 
                                                                                                                                 




Hi Guys,

I got a massive attack from one IP doing something on
my one IIS server.  I already post it, some say that I
should look at the iss log files if they succeded
getting in or not.

Almost a week I puzzled my self because the snort
detect it and log the packets and everything while on
ISS log there is nothing. Absolutely nothing.

BTW, here are the sample logs in snort
HEAD
/samples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir?/c+dir+c:


HTTP/1.0..Host: xxx.xx.xx.91

Is there any software or utilities that can do this?
let me know because I want to try it myself.

I need your help guys.

Thanks in Advance

Your brother in snort

=====
Alwin Raymundo

__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users








More information about the Snort-users mailing list