Snort mailing list archives
Re: please help ID payload info
From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 15 Oct 2002 12:49:37 -0400
Well, first did you check to see if this is actually coming from your webserver, or an external one? You left any details about that out, so I figure it's worth asking just to be sure. If it's an external webserver, I bet it's a webpage containing sample output from a security check tool.
also you claim that's similar to content sent out via email... do you have some sort of webmail access going where you might be accessing those emails from your webserver, causing it to legitimately send that content?
If that's actually coming from your webserver, and you don't have webmail, I'd check for security updates on ALL the webserver tools I was running running if I were you :)
At 09:46 AM 10/15/2002 -0600, Randy Bey wrote:
I am getting a WEB-MISC /etc/passwd hit occasionally, and it has me worried. How the heck are they getting what looks like the contents of the /etc directory?
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- please help ID payload info Randy Bey (Oct 15)
- Re: please help ID payload info Matt Kettler (Oct 15)
- Re: please help ID payload info Robby Desmond (Oct 17)
- Help with content-list usage - Unable to open list file: Sven_da_duder Sean Wheeler (Oct 17)
- AW: Help with content-list usage - Unable to open list file: Sven_da_duder Sean Wheeler (Oct 17)
- AW: Help with content-list usage - Unable to open list file: Sven_da_duder Sean Wheeler (Oct 17)
- Help with content-list usage - Unable to open list file: Sven_da_duder Sean Wheeler (Oct 17)
- <Possible follow-ups>
- RE: please help ID payload info Randy Bey (Oct 15)
- RE: please help ID payload info twig les (Oct 15)
- RE: please help ID payload info matthew . keay (Oct 17)
- RE: please help ID payload info matthew . keay (Oct 17)