Mark Andrich wrote: > I just installed Snort on my IIS/Proxy server on Monday. On Tuesday I logged > 255 alerts for the unicode exploit. A check of the log file revealed that > our server was attacking another server out on the internet. You might want to double-check this, in particular check the domain of the destination host. I get a false-positive IIS unicode attack in my snort logs every time somebody in my office goes to the "my netscape" web site. Haven't tracked down yet why that is, would appreciate a note from anybody who knows what's really going on. If your box really is r00ted and attacking somebody then I'm sorry I posted this, and best of luck... -- ~~~Michael Jinks, IB // Technical Entity // Saecos Corporation~~~~
This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 10:53:33 PDT