RE: Win32 Snort Question

2001-12-17 Thread Dustin Puryear
I've done incident response on IIS web servers and when I've asked some admins for the web server logs, I've received a zipped archive containing three .evt files. So perhaps it's not so much the product as it is those responsible for managing it. After all, if someone misuses a gun and

Re: Win32 Snort Question

2001-12-14 Thread H Carvey
In-Reply-To: [EMAIL PROTECTED] Also, you can run Apache instead of IIS as an added measure of security as IIS has proven to be a bit of an injection vector for all manner of sicknesses... I'm not about to dictate to anyone what web server they should run, but if they've already

RE: Win32 Snort Question

2001-12-13 Thread Maxime Rapaille
: mardi 11 décembre 2001 11:34 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Win32 Snort Question Thanks for your help. However since my original posting, I have discovered that W2k (perhaps NT as well - yet to test) can be run without an IP address. The IP appears in the registry in twice

RE: Win32 Snort Question

2001-12-12 Thread Justin Carver
See inline comments. -Original Message- From: Stuart Underhill [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 2:34 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Win32 Snort Question Thanks for your help. SNIP IP-less info for Win2k/NT /SNIP I have tried

RE: Win32 Snort Question

2001-12-12 Thread Don Weber
this was an explanation i sent someone in an email a while back, they never called me saying it didn't work so hopefully that is good news. so i was kind of explaining step by step sorta one-way receive only ethernet cable, this is a good way to make a cable, the reason the pins 1/2 from hub

RE: Win32 Snort Question

2001-12-11 Thread Joe-Clifton
Message- From: Johnson, David [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 12:46 PM To: 'Stuart Underhill'; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Win32 Snort Question You can't run an interface in Windows without an IP address. What I did on mine

RE: Win32 Snort Question

2001-12-10 Thread Johnson, David
You can't run an interface in Windows without an IP address. What I did on mine was to block all access to the machine at the firewall except for a few addresses that I regularly use. I would avoid putting firewall software on the machine as it might block some traffic from Snort. A lot of