[Dshield] (new?) IIS 'galaxy' vulnerability scanner ?

Ed Truitt ed.truitt at etee2k.net
Sat Jun 8 13:39:10 GMT 2002

I did the same thing, but am only searching for the string "/galaxy_" - I
noticed the numbers weren't consistent across the reports I read.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
>     Added to snort;
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 $HTTP_PORTS (msg:"WEB-IIS
> Galaxy- [fwd to list at dshield.org] access";flags:A+;
> uricontent:"/galaxy_10400.10746"; nocase;
> reference:20020607210148.32b65ff8.jullrich at sans.org;
> classtype:web-application-attack;)
> See what it comes up with.
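
The trade-off discussed in this thread, as an added example that is not part of the original messages: a Python scan of an IIS W3C extended log that compares the fixed string from the quoted Snort rule with the shorter "/galaxy_" substring, matched case-insensitively as the rule's `nocase` does. The log lines, client addresses and every numeric suffix other than 10400.10746 are constructed sample data, and the function name `scan` is hypothetical.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format. Client IPs are
# documentation addresses; suffixes other than 10400.10746 are invented.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2002-06-07 21:01:48 192.0.2.10 GET /galaxy_10400.10746 404
2002-06-07 21:02:03 192.0.2.10 GET /Galaxy_10400.20001 404
2002-06-08 02:15:40 198.51.100.7 GET /galaxy_31337.5 404
2002-06-08 02:16:02 203.0.113.5 GET /index.html 200
"""

FIXED = "/galaxy_10400.10746"   # full string from the quoted Snort rule
PREFIX = "/galaxy_"             # shorter string from the reply


def scan(log_text):
    """Return ({client_ip: sorted matching URI stems}, fixed-string hit count)."""
    fields = []
    by_client = defaultdict(set)
    fixed_hits = 0
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared in the log itself; never assume it.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        lowered = stem.lower()          # same effect as the rule's nocase
        if PREFIX in lowered:
            by_client[row.get("c-ip", "?")].add(stem)
        if FIXED in lowered:
            fixed_hits += 1
    return {ip: sorted(stems) for ip, stems in by_client.items()}, fixed_hits


if __name__ == "__main__":
    hits, fixed_hits = scan(SAMPLE_LOG)
    print("fixed-string hits:", fixed_hits)
    for ip, stems in sorted(hits.items()):
        print(ip, stems)
```

The broader substring will also match any legitimate path that happens to contain "/galaxy_", so review hits per client before acting on them.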
