[Snort-users] Nikto Web Server Vulnerability Scan Triggers Snort Rule to Fire
wkitty42 at ...14940...
Mon Apr 14 13:07:43 EDT 2014
On 4/14/2014 10:49 AM, Teo En Ming wrote:
> I went to https://pentest-tools.com/home online penetration testing tools
> website and launched Nikto web server vulnerability scan against my web server.
> The following alert was generated. Only one alert was generated for the Nikto
> web server vulnerability scan. *Is it too few?*
ummm... ANY alert is too many! unless one is using policy rules to track and
enforce corporate network usage policy... ideally, there will be no alerts
because there are no defects and no attacks...
as for the alert you posted, do you use coldfusion? do you have the admin
interface accessible from the outside of your network? if you do not use
coldfusion or have it installed on your network, you should disable that rule...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users