Snort mailing list archives
Where to configure/change rules for this one?
From: "Ed Greshko" <Edward.M.Greshko () syntegra com>
Date: Fri, 4 May 2001 01:01:09 +0800
Hi, I'm seeing may of the following in logs: # more TCP:1171-80 [**] spp_http_decode: IIS Unicode attack detected [**] 05/03-23:12:18.641497 129.179.xx.xx:1171 -> 202.85.139.157:80 TCP TTL:127 TOS:0x0 ID:2039 IpLen:20 DgmLen:484 DF ***AP*** Seq: 0x6D4A2C44 Ack: 0x34EF9A9F Win: 0x2238 TcpLen: 20 As far as I can tell this is normal surfing by someone running Win2K English version connecting to a site here in Taiwan and reading Chinese site in Hong Kong. The messages don't appear to be coming from the included rules. Thanks, Ed _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: IDScenter - windows GUI front end for Windows S nort Jürgen Nieveler (May 03)
- RE: IDScenter - windows GUI front end for Windows Snort Jerry Shenk (May 03)
- <Possible follow-ups>
- RE: IDScenter - windows GUI front end for Windows S nort Rice, Bill (DeepGreen Bank) (May 03)
- Re: IDScenter - windows GUI front end for Windows Snort Davitt J. Potter (May 03)
- RE: IDScenter - windows GUI front end for Windows Snort Jerry Shenk (May 03)
- Where to configure/change rules for this one? Ed Greshko (May 03)
- Re: IDScenter - windows GUI front end for Windows Snort Davitt J. Potter (May 03)
- RE: IDScenter - windows GUI front end for Windows S nort Greg Wright (May 03)
- RE: IDScenter - windows GUI front end for Windows S nort Jürgen Nieveler (May 04)