Snort mailing list archives

Snort alerts caused by possible legit traffic?


From: NismoSkyline <NismoSkyline () comcast net>
Date: Sat, 07 Jun 2003 03:54:48 -0400

A lot of machines using the same ISP as me have been setting off snort as shown below. Is it possible this is legit traffic?

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-05:46:18.582271 attackerIP:2074 -> myIP:80
TCP TTL:117 TOS:0x0 ID:2119 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x235969AC  Ack: 0xAB4D7465  Win: 0x4470  TcpLen: 20

