Snort mailing list archives
RE: ATTACK RESPONSES 403 Forbidden
From: "Gray . Brendan" <bgray2 () drc com>
Date: Tue, 27 Aug 2002 09:48:31 -0400
I was about to suggest that too. We have some websites at my company that are restricted to specific domains and IP addresses. On my snort logs I get that alert a lot. Everytime someone (or a nimda code red worm) comes to one of our restricted websites, they get a 403 error, and snort catches it. Brendan Gray -----Original Message----- From: Matt Yackley [mailto:Matt.Yackley () perkinswill com] Sent: Tuesday, August 27, 2002 9:20 AM To: 'Alwin Raymundo'; 'snort-users () lists sourceforge net' Subject: RE: [Snort-users] ATTACK RESPONSES 403 Forbidden Alwin, first few things that come to mind are: Someone on the network went to a site that returned a 403 page. What is your External_Net and Home_Net set to? Can you post the alert in question or provide more detail.... Matt -----Original Message----- From: Alwin Raymundo [mailto:alrayworld () yahoo com] Sent: Tuesday, August 27, 2002 7:01 AM To: user snort Subject: [Snort-users] ATTACK RESPONSES 403 Forbidden Hi Guys, I dont know if this already posted but again I need your help about this Attack Response. It showed on my database that I'm the one attacking some server?, which is impossible. I know this is false positive alert. Any idea and comment will be highly appreciated. Thanks in advance brother in snort. ===== Alwin Raymundo ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ATTACK RESPONSES 403 Forbidden Alwin Raymundo (Aug 27)
- <Possible follow-ups>
- RE: ATTACK RESPONSES 403 Forbidden Matt Yackley (Aug 27)
- RE: ATTACK RESPONSES 403 Forbidden Gray . Brendan (Aug 27)
- RE: ATTACK RESPONSES 403 Forbidden Alwin Raymundo (Aug 28)