Snort mailing list archives
Snort alerts caused by possible legit traffic?
From: NismoSkyline <NismoSkyline () comcast net>
Date: Sat, 07 Jun 2003 03:54:48 -0400
A lot of machines using the same ISP as me have been setting off snort as shown below. Is it possible this is legit traffic?

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-05:46:18.582271 attackerIP:2074 -> myIP:80
TCP TTL:117 TOS:0x0 ID:2119 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x235969AC Ack: 0xAB4D7465 Win: 0x4470 TcpLen: 20