[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Need help to find web server attacks signature

To: "Maxime Ducharme" <maxime@pandore-design.com>, <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Need help to find web server attacks signature
From: "Schmehl, Paul L" <pauls@utdallas.edu>
Date: Wed, 22 Oct 2003 15:05:29 -0500

> -----Original Message-----
> From: Maxime Ducharme [mailto:maxime@pandore-design.com] 
> Sent: Wednesday, October 22, 2003 12:40 PM
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Need help to find web server 
> attacks signature
> 
> 
> Hi all,
>     i'd need help to identify an attack that happened on one 
> of our customer's web server yesterday, I put the log file 
> here : 
> http://www.pandore-design.com/security/2003-10-21-IIS-attack.t
xt

Looks like a vuln scanner that's designed to try a number of default
install mistakes to see if anything works.  The previous poster may be
correct that it was NIKTO.  Could also be whisker or stealth.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Need help to find web server attacks signature
  - From: "Maxime Ducharme" <maxime@pandore-design.com>

Prev by Date: RE: [Full-Disclosure] RE: Linux (in)security
Next by Date: Re: [Full-Disclosure] RE: Linux (in)security
Previous by thread: RE: [Full-Disclosure] Need help to find web server attacks signature
Next by thread: Re: [Full-Disclosure] Need help to find web server attacks signature
Index(es):
- Date
- Thread