[Snort-users] WEB-IIS cmd.exe access
Ing. Daniel Manrique
roadmr at ...5706...
Tue Sep 3 10:47:02 EDT 2002
> I know this is for IIS servers but I am seeing a ton of these in ACID to
> my apache server. Should I ignore?
It's usually a worm (nimda/codered) doing automated probes, so it doesn't
really know whether your server'll be affected, it's just shooting in the
If you know FOR A FACT that your server won't be affected, it's OK to
ignore them or even remove the rule file from snort.conf. That's what I do
since I don't have a single IIS server on my network; altough it was fun
watching the poor worms probing, it got boring fast so I disabled them.
More information about the Snort-users