Snort mailing list archives

RE: "SHELLCODE x86 NOOP" from presumably non dangerous addresses

From: "Jyri Hovila" <jyri.hovila () iki fi>
Date: Fri, 30 Nov 2001 13:55:58 +0200

Hi!

Roberto Suarez Soto once said:

      I'm receiving several "SHELLCODE x86 NOOP" alerts from addresses

like

"law2-www.hotmail.com" and another one in akamai (presumably, one of

those

used in ad banners: a62-41-13-32.deploy.akamaitechnologies.com). Is

there a

non-paranoid explanation of what could be happening?


The shellcode alert you're getting can easily be caused by any "binary"
traffic. I was getting a lot of these alerts and they were caused by
IPSec traffic. I finally decided to remove the rule as there were just
too many false alerts.

Yours,

Jyri


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

"SHELLCODE x86 NOOP" from presumably non dangerous addresses Roberto Suarez Soto (Nov 30)
- Re: "SHELLCODE x86 NOOP" from presumably non dangerous addresses Guillaume (Nov 30)
- RE: "SHELLCODE x86 NOOP" from presumably non dangerous addresses Jyri Hovila (Nov 30)