No subject


Thu Nov 23 16:36:19 EST 2017


From your snippets I'll guess that you're running Win32 ...

If I'm_Wrong Then Ignore

My best solution would be to use one of the BlackIce products according to
workstation or server and use the 'Auto-Block' feature of IDSCenter to write
attacking IPs to the blackice firewall.ini.

End If

hth,

John

-----Original Message-----
From: David Alexandre M. de Carvalho [mailto:david at ...6169...]
Sent: Tuesday, June 25, 2002 9:40 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Preventing Attacks


Hi all!

I installed SNORT a few months ago to monitor some network activity.
Lately I've noted several messages in the log file, something like:

WEB-IIS cmd.exe [**] [Classification: Web Application Attack] .....
WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] .....

SCAN Proxy attempt [**] [Classification: Attempted information leak]
ICMP superscan echo [**] [Classification: Attempted information leak]

WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] .....


I installed the machines with maximum security, some firewall configuration,
etc.
Can anyone help with this? Any ideas?
Thanks.
David Carvalho
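Auto-blocking from IDS alerts, as suggested in the reply above, depends on deciding which alert sources are safe to block. The following is an added example, not code from IDSCenter, BlackICE or either poster: it selects block candidates from Snort fast-format alerts by counting only "Web Application Attack" alerts, requiring a repeat, and skipping allowlisted networks. The sample alerts, the threshold, `BLOCK_CLASSES` and `NEVER_BLOCK` are assumptions; the firewall.ini format is not shown on this page, so the code stops at the candidate list.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Snort's "fast" alert layout. [1:0:0] is a placeholder
# rule id; all addresses come from documentation ranges.
SAMPLE_ALERTS = """\
06/25-09:31:02.100000  [**] [1:0:0] WEB-IIS cmd.exe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:3112 -> 192.0.2.10:80
06/25-09:31:02.400000  [**] [1:0:0] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:3113 -> 192.0.2.10:80
06/25-09:33:40.000000  [**] [1:0:0] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:4001 -> 192.0.2.10:80
06/25-09:34:11.000000  [**] [1:0:0] SCAN Proxy attempt [**] [Classification: Attempted information leak] [Priority: 2] {TCP} 198.51.100.23:4002 -> 192.0.2.10:8080
06/25-09:35:00.000000  [**] [1:0:0] ICMP superscan echo [**] [Classification: Attempted information leak] [Priority: 2] {ICMP} 198.51.100.99 -> 192.0.2.10
06/25-09:36:00.000000  [**] [1:0:0] WEB-IIS cmd.exe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.15:2200 -> 192.0.2.10:80
06/25-09:36:01.000000  [**] [1:0:0] WEB-IIS cmd.exe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.15:2201 -> 192.0.2.10:80
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+.*?\s+\[\*\*\]\s+"
    r"\[Classification: (?P<cls>[^\]]+)\]\s+\[Priority: \d+\]\s+"
    r"\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+[\d.]+(?::\d+)?"
)

# Assumed policy values, not taken from IDSCenter or BlackICE.
BLOCK_CLASSES = {"web application attack"}   # scans alone do not trigger a block
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

def block_candidates(alert_text, threshold=2):
    """Return {source_ip: alert_count} for sources that qualify for a block."""
    counts = Counter()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or m["cls"].lower() not in BLOCK_CLASSES:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:          # malformed address: skip, never block on it
            continue
        if any(src in net for net in NEVER_BLOCK):
            continue                # own hosts and gateways stay reachable
        counts[str(src)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in sorted(block_candidates(SAMPLE_ALERTS).items()):
        print(f"{ip}\t{n} web-attack alerts")
```

The allowlist matters because a source address in an alert can be forged or can belong to a shared proxy, so an unattended block rule can cut off hosts you depend on.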



