Snort mailing list archives
help with interpreting log
From: <tonycowling () sympatico ca>
Date: Tue, 15 Feb 2005 9:58:45 -0500
for example I have these type logs from hotmail [**] (http_inspect) DOUBLE DECODING ATTACK [**] what more should I include for someone to shed light on an example log? Is this something to be concerned about other than the fact that it is hotmail for example? I also have entries that start with: [**] (portscan) Open Port [**] Looks like a connection started by someone within my network. What is the best way to start to get info on interpreting logs? ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- help with interpreting log tonycowling (Feb 15)
- RE: help with interpreting log Bob Konigsberg (Feb 17)
- RE: help with interpreting log tony cowling (Feb 17)
- <Possible follow-ups>
- RE: help with interpreting log tony cowling (Feb 17)
- RE: help with interpreting log tony cowling (Feb 17)
- RE: help with interpreting log Bob Konigsberg (Feb 17)