Snort mailing list archives
[snort] ATTACK-RESPONSES id check returned userid (cont.)
From: "Charles Douvier" <charles () knightsecurity ws>
Date: Fri, 6 Jun 2003 08:34:34 -0600
Sorry should have included this:

1 - 43096  2003-06-05 23:09:47  [snort] ATTACK-RESPONSES id check returned userid

Sensor
  name         interface  filter
  192.168.0.3  eth1       none

Alert Group: none

IP
  source addr    dest addr    Ver  Hdr Len  TOS  length  ID     flags  offset  TTL  chksum
  192.168.0.102  66.111.3.10  4    5        0    338     31170  0      0       128  31068

  FQDN
    Source Name                Dest. Name
    Unable to resolve address  66.111.3.10.nyinternet.net

  Options: none

TCP
  source port  dest port  R1  R0  URG  ACK  PSH  RST  SYN  FIN  seq #  ack  offset  res  window  urp  chksum
  1175  80  X  X  4091126679  4150681443  5  0  17520  0  20961

  Options: none

Payload
  length = 298

  000 : 47 45 54 20 2F 70 68 2F 70 68 63 67 69 2F 6C 61  GET /ph/phcgi/la
  010 : 64 69 65 73 2F 36 31 2F 36 31 33 36 34 50 50 50  dies/61/61364PPP
  020 : 31 2E 6A 70 67 20 48 54 54 50 2F 31 2E 31 0D 0A  1.jpg HTTP/1.1..
  030 : 41 63 63 65 70 74 3A 20 2A 2F 2A 0D 0A 52 65 66  Accept: */*..Ref
  040 : 65 72 65 72 3A 20 68 74 74 70 3A 2F 2F 62 72 69  erer: http://bri
  050 : 64 65 2E 72 75 2F 3F 62 72 69 64 3D 32 38 38 35  de.ru/?brid=2885
  060 : 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 75 61 67  ..Accept-Languag
  070 : 65 3A 20 65 6E 2D 75 73 0D 0A 41 63 63 65 70 74  e: en-us..Accept
  080 : 2D 45 6E 63 6F 64 69 6E 67 3A 20 67 7A 69 70 2C  -Encoding: gzip,
  090 : 20 64 65 66 6C 61 74 65 0D 0A 55 73 65 72 2D 41   deflate..User-A
  0a0 : 67 65 6E 74 3A 20 4D 6F 7A 69 6C 6C 61 2F 34 2E  gent: Mozilla/4.
  0b0 : 30 20 28 63 6F 6D 70 61 74 69 62 6C 65 3B 20 4D  0 (compatible; M
  0c0 : 53 49 45 20 36 2E 30 3B 20 57 69 6E 64 6F 77 73  SIE 6.0; Windows
  0d0 : 20 4E 54 20 35 2E 31 29 0D 0A 48 6F 73 74 3A 20   NT 5.1)..Host: 
  0e0 : 62 72 69 64 65 2E 72 75 0D 0A 43 6F 6E 6E 65 63  bride.ru..Connec
  0f0 : 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65  tion: Keep-Alive
  100 : 0D 0A 43 6F 6F 6B 69 65 3A 20 75 69 64 3D 51 46  ..Cookie: uid=QF
  110 : 71 67 75 6A 30 6A 35 58 77 41 41 50 6C 65 41 77  qguj0j5XwAAPleAw
  120 : 4D 44 41 67 3D 3D 0D 0A 0D 0A                    MDAg==....