Hosting Provided By

RE: New scanner?

From: Jason Frey <jmfrey(at)charter.net>
Date: Sat Nov 23 2002 - 02:02:54 EST

Just because Snort alerts on it doesn't necessarily mean there is a compromised box.

With publicly accessible web servers, your Snort is likely to see hundreds of IIS targeted attacks daily. These are not false alarms, but they may not be effective attacks either. If your IIS systems are patched and configured correctly, they may not be compromised.

Still, I would examine the boxes as Jeremy suggests. Once you are sure they are patched and configured correctly, you can create pass rules for those boxes if you choose to not get alerted with these events for them.

At 09:10 PM 11/21/2002 -0500, newsletters wrote:
>Jeremy,

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Nov 25 13:16:06 2002

This message: [ Message body ]
Next message: Hugo van der Kooij: "SMTP harrasment by nie2.infomail.es?"
Previous message: Jonathan Bloomquist: "RE: Proxy server hit... Any ideas?"
In reply to newsletters: "RE: New scanner?"
Next in thread: Rob Shein: "RE: New scanner?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:51 EDT