> I went back to the snort logs and had a look at the packet dumps and > found that they were all HEAD requests which appear not to be logged by > IIS. whisker uses HEAD requests by default. IIS will log HEAD requests, but may require some reconfiguration of logging parameters. I.E. I just checked and this was logged on an IIS 4 server: 13:31:51 195.92.95.69 W3SVC30 HEAD /index.htm - 200 284 153 80 Mozilla/4.0+ (compatible;+Netcraft+Web+Server+Survey) http://www.netcraft.com/survey/ I've selected "W3C Extended Log File Format" in the MMC. Also under "Properties" I have checked "Method" (plus everything else of interest). If you find that these settings are present on your system, perhaps the logs were cleaned. Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Oct 28 2001 - 18:37:56 PST