Snort mailing list archives
RE: "SHELLCODE x86 NOOP" from presumably non dangerous addresses
From: "Jyri Hovila" <jyri.hovila () iki fi>
Date: Fri, 30 Nov 2001 13:55:58 +0200
Hi! Roberto Suarez Soto once said:
I'm receiving several "SHELLCODE x86 NOOP" alerts from addresses
like
"law2-www.hotmail.com" and another one in akamai (presumably, one of
those
used in ad banners: a62-41-13-32.deploy.akamaitechnologies.com). Is
there a
non-paranoid explanation of what could be happening?
The shellcode alert you're getting can easily be caused by any "binary" traffic. I was getting a lot of these alerts and they were caused by IPSec traffic. I finally decided to remove the rule as there were just too many false alerts. Yours, Jyri _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- "SHELLCODE x86 NOOP" from presumably non dangerous addresses Roberto Suarez Soto (Nov 30)
- Re: "SHELLCODE x86 NOOP" from presumably non dangerous addresses Guillaume (Nov 30)
- RE: "SHELLCODE x86 NOOP" from presumably non dangerous addresses Jyri Hovila (Nov 30)