[Dshield] (new?) IIS 'galaxy' vulnerability scanner ?
ed.truitt at etee2k.net
Sat Jun 8 13:39:10 GMT 2002
I did the same thing, but am only searching for the string "/galaxy_" - I
noticed the numbers weren't consistent across the reports I read.
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
----- Original Message -----
> Added to snort;
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 $HTTP_PORTS (msg:"WEB-IIS
> Galaxy- [fwd to list at dshield.org] access";flags:A+;
> uricontent:"/galaxy_10400.10746"; nocase;
> reference:20020607210148.32b65ff8.jullrich at sans.org;
> See what it comes up with.
More information about the list