Snort mailing list archives
Another snort log
From: "Scott Taylor" <scottt () soccer com>
Date: Tue, 26 Feb 2002 10:11:06 -0800
Another snort log question. Sorry, trying to get up to speed on this. [**] [1:1201:1] WEB-MISC 403 Forbidden [**] [Classification: Attempted Information Leak] [Priority: 2] 02/25-19:26:21.830746 (myfirewallip):80 -> (someoneelsesip):2294 TCP TTL:64 TOS:0x0 ID:15896 IpLen:20 DgmLen:539 DF ***AP*** Seq: 0x3911FED Ack: 0x99D71666 Win: 0x16D0 TcpLen: 20 This shows up in my snort log. It says I'm the source of the alert.(I think) Is that true? I have apache running with rules that only allow connections from certain IP address's. Would that be the cause? It's denying this person access or is this really an attack of some sort Cheers, Scott THERE IS ONLY ONE... SOCCER.COM, The Center of the Soccer Universe http://www.soccer.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Another snort log Scott Taylor (Feb 26)
- Re: Another snort log Guillaume (Feb 27)