[Snort-users] possible exploit
frank at ...9761...
Wed Feb 15 08:00:05 EST 2006
On Wed, 2006-02-15 at 02:08 -0600, Robert T Wyatt wrote:
> It's possible that I wasn't logging at the moment this hit, but it did
> not show up in my snort log and so I believe it was missed. I don't know
> what it was after, but it doesn't look friendly to me.
> 220.127.116.11 - - [14/Feb/2006:22:20:03 -0600] "GET
> /level/16/exec/-///pwd HTTP/1.0" 404 346 "-" "-"
Your Snort didn't alert on that? Mine do all the time. It's SID 1250
(web-misc.rules). You might want to check your config to see if this
rule file is loaded and to ensure you don't miss other sigs too.
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users