Snort mailing list archives
WEB Cross-site scripting attempt
From: dcox () medquist com
Date: Fri, 16 Jul 2004 07:42:46 -0600
Greetings All, I am getting thousands of alerts on the " Bleeding-Edge Web Cross-site scripting attempt" rule. These alerts are being logged from my external (public side of firewall) snort box. All the alerts are pointing to the same ip of 63.211.238.135:80 as the Destination address and my public interface as the source address. The internal snort box doesn't alert on this at all. Can anybody give me some information on the rule itself, and whether I should be concerned or not. Thanks in advance. Dan Cox Systems Technician MedQuist Inc, 310 720.206.1000 800.331.3395
Current thread:
- WEB Cross-site scripting attempt dcox (Jul 16)