# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS(msg:”SERVER-IIS Microsoft Windows IIS directory traversalattempt”; flow:to_server,established; content:”..|5C|..”;fast_pattern:only; metadata:policy max-detect-ips drop, rulesetcommunity, service http; reference:bugtraq,2218;reference:cve,1999-0229; classtype:web-application-attack; sid:974;rev:23;)
a. In which direction is the packet going? (Into our server, orout to the Internet?)
b. What protocol is being used?
c. Find out what this is all about by looking up the cvereference.
d. What will be done with the packet? Is it dropped or allowedthrough?
e. There will be an alert message. What is it?
Expert Answer
An answer will be send to you shortly. . . . .