We received one scan today from 206.29.36.131, with payload: GET /scripts/nsiislog.dll. I don't remember seing this kind of activity before in the last 3 months. Omar Herrera > Greetings All, > This morning I noticed that snort had logged a > whole lot of "WEB-IIS nsiislog.dll access" alerts. After > several hours of investigation I decided that there are > enough interesting and different things about this > incident to warrant writing a summary of what happened. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun Aug 10 2003 - 10:57:46 PDT