Snort mailing list archives
IDS alert
From: "Naveen C Joshi" <naveen_joshi () intersolutions stpn soft net>
Date: Sat, 8 May 2004 16:34:52 +0530
Hi All : I am sorry if I am wrong to post this kind of problem to this mailing list. I have installed snort on my network and it generating alert for the an attack. the attack is as bellow "May 7 19:59:43 snort: [1:1010:5] WEB-IIS encoding access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 63.208.194.89:80 -> xxx.xxx.xxx.xxx:2245 " Please let me know how should I make defense for this alert? It comes very frequently and with different source IP to different destination IP. I do not have the Snort Sam installed on my machine Redhat 9.0. Please help on this problem. Regards Naveen ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IDS alert Naveen C Joshi (May 08)
- Re: IDS alert Ravi (May 08)
- <Possible follow-ups>
- Re: IDS alert Michael Shirk (May 10)