I've done incident response on IIS web servers and when I've asked some admins for the web server logs, I've received a zipped archive containing three .evt files.
So perhaps it's not so much the product as it is those responsible for managing it. After all, if someone misuses a gun and
In-Reply-To: [EMAIL PROTECTED]
Also, you can run Apache instead of IIS as an added measure of security, as IIS has proven to be a bit of an injection vector for all manner of sicknesses...
I'm not about to dictate to anyone what web server they should run, but if they've already
Sent: Tuesday 11 December 2001 11:34
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Win32 Snort Question
Thanks for your help.
However, since my original posting, I have discovered that W2k (perhaps NT as well - yet to test) can be run without an IP address.
The IP appears in the registry twice.
See inline comments.
-----Original Message-----
From: Stuart Underhill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 11, 2001 2:34 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Win32 Snort Question
Thanks for your help.
SNIP IP-less info for Win2k/NT /SNIP
I have tried
This was an explanation I sent someone in an email a while back; they never called me saying it didn't work, so hopefully that is good news. So I was kind of explaining step by step, sorta.
One-way receive-only Ethernet cable: this is a good way to make a cable, the reason the pins 1/2 from hub
-----Original Message-----
From: Johnson, David [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 10, 2001 12:46 PM
To: 'Stuart Underhill'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: Win32 Snort Question
You can't run an interface in Windows without an IP address. What I did on mine
have not had any attempts on my machine since I blocked incoming traffic at the firewall.
-----Original Message-----
From: Stuart Underhill [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 07, 2001 1:27 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Win32 Snort Question
I am currently building a pair of Win32 Snort (with ACID) machines to monitor traffic either side of our firewall.
My plan is to make the boxes as standalone as possible, which will mean running IIS on the boxes to allow the ACID analysis tool to run.
Other than standard hardening of W2k, can