Snort mailing list archives
RE: (no subject)
From: Steve Halligan <agent33 () geeksquad com>
Date: Thu, 20 Sep 2001 08:51:35 -0500
Looks like you triggered an alert on an email that had a packet decode of a nimda scan -steve
000 : 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 5C GET /scripts/..\ 010 : 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 ../winnt/system3 020 : 32 2F 63 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 2/cmd.exe?/c+dir 030 : 20 72 20 63 2B 64 69 72 20 48 54 54 50 2F 31 2E r c+dir HTTP/1. 040 : 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 0..Host: www..Co 050 : 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 nnnection: close 060 : 0D 0A 0D 0A 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 ....ection: clos 070 : 65 0D 0A 0D 0A 2B 30 32 30 30 0D 0A 52 65 63 65 e....+0200..Rece 080 : 69 76 65 64 3A 20 66 72 6F 6D 20 73 74 61 74 6F ived: from stato 090 : 69 6C 2E 6E 6F 20 28 6D 61 69 6C 68 6F 73 74 2E il.no (mailhost. 0a0 : 73 74 61 74 6F 69 6C 2E 6E 6F 20 5B 31 34 33 2E statoil.no [143. 0b0 : 39 37 2E 32 30 2E 31 30 39 5D 29 0D 0A 09 62 79 97.20.109])...by 0c0 : 20 6D 61 69 6C 77 61 6C 6C 31 2E 73 74 61 74 6F mailwall1.stato 0d0 : 69 6C 2E 63 6F 6D 20 28 38 2E 31 31 2E 31 2F 38 il.com (8.11.1/8 0e0 : 2E 31 31 2E 31 29 20 77 69 74 68 20 45 53 4D 54 .11.1) with ESMT 0f0 : 50 20 69 64 20 66 38 4B 42 50 48 51 32 31 36 30 P id f8KBPHQ2160 100 : 34 3B 0D 0A 09 54 68 75 2C 20 32 30 20 53 65 70 4;...Thu, 20 Sep 110 : 20 32 30 30 31 20 31 33 3A 32 35 3A 31 37 20 2B 2001 13:25:17 + 120 : 30 32 30 30 20 28 4D 45 54 20 44 53 54 29 0D 0A 0200 (MET DST).. 130 : 52 65 63 65 69 76 65 64 3A 20 66 72 6F 6D 20 73 Received: from s 140 : 74 66 6F 2D 6C 6E 73 6D 74 70 32 2E 73 74 61 74 tfo-lnsmtp2.stat 150 : 6F 69 6C 2E 6E 6F 20 28 73 74 66 6F 2D 6C 6E 73 oil.no (stfo-lns 160 : 6D 74 70 32 2E 73 74 2E 73 74 61 74 6F 69 6C 2E mtp2.st.statoil. 170 : 6E 6F 20 5B 31 34 33 2E 39 37 2E 32 30 2E 31 34 no [143.97.20.14 180 : 39 5D 29 0D 0A 09 62 79 20 73 74 61 74 6F 69 6C 9])...by statoil 190 : 2E 6E 6F 20 28 38 2E 31 30 2E 30 2F 38 2E 31 30 .no (8.10.0/8.10 1a0 : 2E 30 29 20 77 69 74 68 20 53 4D 54 50 20 69 64 .0) with SMTP id 1b0 : 20 66 38 4B 42 50 46 78 30 35 39 31 32 3B 0D 0A f8KBPFx05912;.. 1c0 : 09 54 68 75 2C 20 32 30 20 53 65 70 20 32 30 30 .Thu, 20 Sep 200 1d0 : 31 20 31 33 3A 32 35 3A 31 35 20 2B 30 32 30 30 1 13:25:15 +0200 1e0 : 20 28 4D 45 54 20 44 53 54 29 0D 0A 52 65 63 65 (MET DST)..Rece 1f0 : 69 76 65 64 3A 20 62 79 20 73 74 66 6F 2D 6C 6E ived: by stfo-ln 200 : 73 6D 74 70 32 2E 73 74 61 74 6F 69 6C 2E 6E 6F smtp2.statoil.no 210 : 28 4C 6F 74 75 73 (Lotus Best Regards, Thomas Nilsen Kverneland IT AS Phone: +47 5142 9463 - Mobile: +47 991 55 001 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject), (continued)
- (no subject) Wells, Kenneth L (Sep 17)
- RE: (no subject) Wells, Kenneth L (Sep 17)
- RE: (no subject) Steve Halligan (Sep 17)
- Re: (no subject) Wayne T Work (Sep 17)
- RE: (no subject) Wayne T Work (Sep 17)
- RE: (no subject) Wayne T Work (Sep 17)
- RE: (no subject) Reeves, Michael (GEAE, Compaq) (Sep 17)
- (no subject) Peter Fuggle (Sep 19)
- (no subject) Thomas Nilsen (Sep 20)
- Re: (no subject) richard (Sep 20)
- RE: (no subject) Steve Halligan (Sep 20)
- RE: (no subject) Jeff Anderson (Sep 20)
- RE: (no subject) Thomas Nilsen (Sep 20)
- (no subject) Kenny (Sep 27)
- (no subject) Lists (Sep 29)
- Directory Traversal Jim Kipp (Sep 30)
- Re: Directory Traversal Erek Adams (Sep 30)
- Re: Directory Traversal Jim Kipp (Sep 30)
- Directory Traversal Jim Kipp (Sep 30)