Snort mailing list archives
Re: IDS296/web-misc_http-whisker-splicing-attack-space
From: "Andrew R. Baker" <andrewb0x29a () yahoo com>
Date: Fri, 3 Aug 2001 13:40:59 -0700 (PDT)
Based on data from one of my sensors, this alert will be triggered by the Code Red worm. A subsequent packet will contain the actual overflow. -A --- tnelson () starpoint com wrote:
I'm new to snort, but I have v. 1.8.1-beta5 up and running. I am seeing many reports of the whisker-splicing attack, targeted at most of my web servers. I've read the documenation on it at whitehats.com, but I'm not sure how to go about determining if these are actual attacks or false alarms as they seem to be coming from many different IPs. Any help would be greatly appreciated. Tony Nelson ps. My appologies if this is off-topic for this list. Tony Nelson Director of Network Operations Starpoint Solutions 115 Broadway, 20th Fl. New York, NY 10006 Phone: 212-238-0851 Email: tony.nelson () starpoint com http://www.starpoint.com *** This email was scanned by eSafe Content Inspection Server. *** _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
__________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IDS296/web-misc_http-whisker-splicing-attack-space tnelson (Aug 03)
- Re: IDS296/web-misc_http-whisker-splicing-attack-space Andrew R. Baker (Aug 03)
- <Possible follow-ups>
- Re: IDS296/web-misc_http-whisker-splicing-attack-space tnelson (Aug 03)
- RE: IDS296/web-misc_http-whisker-splicing-attack-space John Berkers (Aug 04)