I've can confirm receiving these beginning Sun Jul 6 16:03:15 2003. I had been watching since Jun 7. Justin On Sun, Aug 10, 2003 at 05:50:03PM +0000, oherrera wrote: > > We received one scan today from 206.29.36.131, with payload: > GET /scripts/nsiislog.dll. I don't remember seing this kind > of activity before in the last 3 months. > > Omar Herrera > > > Greetings All, > > This morning I noticed that snort had logged a > > whole lot of 'WEB-IIS nsiislog.dll access' alerts. After > > several hours of investigation I decided that there are > > enough interesting and different things about this > > incident to warrant writing a summary of what happened. > > --------------------------------------------------------------------------- > ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 02:00:40 PDT