Yep you're wrong Matt, you can export the key out of IIS4 and
import it into IIS5. I've done it. In our case we
moved our web server from an NT4 box with IIS4 to a
Win2000 box with IIS5.
Jim Grossl
Boise, Idaho USA
-Original Message-
From: Matt LYNCH [mailto:[EMAIL PROTECTED]]
Hi John,
Are you saying that you have or are thinking of configuring
your firewall to filter out packets with non-privileged ports in the
*source* address? If you could I would think this would shut down
a great deal of incoming traffic!! This is not what you want.
Jim Grossl
Boise, Idaho USA
ra
does not, and I'm pretty sure Pegasus does not.
Jim Grossl
Boise, Idaho USA
-Original Message-
From: Enquiries [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 10, 2002 12:12 PM
To: [EMAIL PROTECTED]
Subject: pegasus mail v eudora
Could you please advise what security issues I shoul
Also, when setting your path, remember that Snort will
not take > 8 characters in a directory (or file) name
argument. So if you installed Snort in C:\Program Files\Snort,
you must type C:\Progra~1\Snort for the path. This little SNAFU
caused me all kinds of hate and discontent.
Jim Gro
you are running
the IDScenter that came with the version of Snort
you are running and not one that came with a prior
version.
Jim Grossl
Boise, Idaho USA
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 11, 2002 10:13 AM
To: [EMAIL PROTECTED]
This error has to do with Winpcap and the way
the version of Snort downloaded from Snort.org
initializes it. Uninstall your version of Snort,
go to SiliconDefense.com, download their version
of the Snort installer and install it.
Jim Grossl
Boise, Idaho USA
-Original Message-
From
That I was advertising the fact that this machine
was vulnerable to backdoor attacks never
occurred to me. Although I did not recognize
these attacks as Nimda, I should have known
better. When I posted this I thought it was just
someone out there hammering my server.
Thanks Holger.
Jim Grossl
ing
bloody murder, because of 15 or so .ida
"Attempted Administrator Privilege Gain" attacks,
so the fun never ends.
Grep, hmmm, seems I've heard that app's name
before... :)
Jim Grossl
Lee Pesky Learning Center
Boise, Idaho USA
-Original Message-
From: Bill Walls
Hi Todd, the machine is patched. I am not however running
the URL Scan filter. But the server is issuing 400 level
error messages, and I cannot find any abnormal processes
or open ports (using fport).
BTW, I see a lot of these also, but last weekend was
the pits!
Jim Grossl
Lee Pesky Learning
rflow the same
thing? I know what a buffer overflow is.
It was my impression that a file traversal
was a flaw in the way IIS dealt with strings
representing directory paths.
Jim Grossl
Lee Pesky Learning Center
Boise, Idaho USA
-Original Message-
From: Ravila White [mailto:[EMAIL PROTECT
current on all security
patches (all patches period for that matter, I'm paranoid).
Jim Grossl
Lee Pesky Learning Center
Boise, Idaho USA
-Original Message-
From: Andrew Blevins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 11:14 AM
To: Jim Grossl
Subject: RE: IIS l
ld like to know what everyone thinks of these attacks. My
Web server logged > 2000 of these attacks over the weekend. I'm
pretty sure that attacks are not succeeding, but I've read that
if the "%5c" shows up in the Double Decode attack that the file
traversal is taking place. Thanks.
Jim Grossl
most firewalls?
I guess I had not thought much about it, but had I,
I would have assumed that there was a more sophisticated
method being used; although I do realize that there is
probably no way to know just what program is probing a
given port.
Jim Grossl
Lee Pesky Learning Center
Boise, Idaho