Snort mailing list archives
Re: Alert question???
From: "Joe Giles" <jgiles () joeman1 com>
Date: 13 Aug 2002 16:35:00 -0000
Actually, I have been getting this too. I think its a bug. If you look at the packet data, there is probobly a work in there that starts or ends with VIRGIN. Like, for exampe VIRGINIA. LOL... I just dissabled the PORN section and use another app for that :)... Hope this helps.. Joe Giles
Hello, I was going through snort logs and i see lot of "PRON virgin" alerts. Source (NN.NN.NN.NN) is the ip address of a hosted web server at our site. Destination is comming from different location as shown below. #764-(5-7743) PORN virgin 2002-08-13 10:39:09 NN.NN.NN.NN:80 66.56.130.252:4920 TCP We are seeing lot of "PRON Virgin" alerts shown for all ip address (source) where we have hosted website. We have couple of website hosted and we are getting above alerts for all of them. Is this a attack??? Please let me know. Thanks _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Joe Giles jgiles () joeman1 com AOL ID: mcigiles ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alert question??? Know How (Aug 13)
- Re: Alert question??? quentyn (Aug 13)
- <Possible follow-ups>
- Re: Alert question??? Joe Giles (Aug 13)
- Re: Alert question??? quentyn (Aug 13)
- Re: Alert question??? Ian Macdonald (Aug 13)
- Re: Alert question??? quentyn (Aug 13)
- Re: Alert question??? Joe Giles (Aug 13)
- RE: Alert question??? Hicks, John (Aug 13)
- RE: Alert question??? Hicks, John (Aug 13)
- Re: Alert question??? Joe Giles (Aug 13)
- Re: Alert question??? Dan Mahoney, System Admin (Aug 13)
- RE: Alert question??? Mike S. (Aug 17)