Snort mailing list archives

SID 1287


From: Filbert <Filbert () pandora be>
Date: Wed, 6 Nov 2002 16:54:38 +0100

Hi,

First of all I want to note that I'm new to using snort in our
production environment, so please don't shoot me if my question seems
stupid to you.

It's great software, but it will have a learning curve for us.

Since the sensor was installed we have received very many alerts for one
customer inside the DMZ.

They are coming from SID 1287.

This is the packet:

GET /custx/scrip
ts/collection/of
fers/promotionri
ghtb.jsp?lang=nl
 HTTP/1.1..Accep
t: image/gif, im
age/x-xbitmap, i
mage/jpeg, image
/pjpeg, applicat
ion/vnd.ms-power
point, applicati
on/vnd.ms-excel,
 application/msw
ord, */*..Refere
r: http://www.xx
xxx.be/marca/scr
ipts/collection/
offers/promotion
right.jsp?site=n
ull&countryid=9&
lang=nl..Accept-
Language: nl-be.
.Accept-Encoding
: gzip, deflate.
.User-Agent: Moz
illa/4.0 (compat
ible; MSIE 6.0;
Windows NT 5.1).
.Host: www.xxxxx
.be..Connection:
 Keep-Alive..Coo
kie: jsessionid=
2300000006596261
375....  


Why is snort alerting?
We use snort 1.9.0

Many thanks,

-- 
 Filbert                          mailto:Filbert () pandora be


