[Snort-users] possible exploit

Frank Knobbe frank at ...9761...
Wed Feb 15 08:00:05 EST 2006


On Wed, 2006-02-15 at 02:08 -0600, Robert T Wyatt wrote:
> It's possible that I wasn't logging at the moment this hit, but it did 
> not show up in my snort log and so I believe it was missed. I don't know 
> what it was after, but it doesn't look friendly to me.
> 
> 60.10.38.189 - - [14/Feb/2006:22:20:03 -0600] "GET 
> /level/16/exec/-///pwd  HTTP/1.0" 404 346 "-" "-"

Your Snort didn't alert on that? Mine do all the time. It's SID 1250
(web-misc.rules). You might want to check your config to see if this
rule file is loaded and to ensure you don't miss other sigs too.

Regards,
Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
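
The configuration check suggested in the reply above, as an added example that is not part of the original message: it reports whether a rule file is actually included by a Snort 2.x style `snort.conf` and whether a given SID in it is active or commented out. The sample config and rule lines are constructed, the rule bodies are placeholders rather than the real text of SID 1250, and the function names are hypothetical.

```python
import re
# Constructed sample snort.conf fragment (not from the original post).
SAMPLE_CONF = """\
var RULE_PATH ../rules
include $RULE_PATH/local.rules
# include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-cgi.rules
"""
# Constructed stand-in for web-misc.rules; the real rule text is not reproduced.
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"constructed placeholder rule"; sid:1250; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed disabled rule"; sid:1000001; rev:1;)
"""

INCLUDE_RE = re.compile(r"^\s*(#\s*)?include\s+(\S+)\s*$")
VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")
RULE_RE = re.compile(r"^\s*(#\s*)?(?:alert|log|pass|drop)\b.*\bsid\s*:\s*(\d+)\s*;")

def included_files(conf_text):
    """Map each include target's base name to True (active) or False (commented out)."""
    variables, result = {}, {}
    for line in conf_text.splitlines():
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = m.group(2)
            continue
        m = INCLUDE_RE.match(line)
        if m:
            # Expand $VARS so "include $SOME_FILE" style entries resolve to a file name.
            path = re.sub(r"\$(\w+)", lambda v: variables.get(v.group(1), v.group(0)), m.group(2))
            name = path.rsplit("/", 1)[-1]
            result[name] = result.get(name, False) or m.group(1) is None
    return result

def sid_state(rules_text, sid):
    """Return 'active', 'disabled' (rule line commented out) or 'missing' for a SID."""
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m and int(m.group(2)) == sid:
            return "disabled" if m.group(1) else "active"
    return "missing"

def will_alert(conf_text, rule_file, rules_text, sid):
    state = included_files(conf_text).get(rule_file)
    if state is None:
        return "rule file not referenced in config"
    if not state:
        return "rule file include is commented out"
    return "sid %d is %s in %s" % (sid, sid_state(rules_text, sid), rule_file)
```

On a real sensor, read `snort.conf` and the rule file from disk and pass their contents in; a commented-out include silences every signature in that file, not just the one being checked.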
