Snort mailing list archives
Tagged packets in logs
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Tue, 23 Dec 2003 23:22:27 +1300
Hi,

I am getting a trickle of "tagged" packets turning up in ACID. All these packets have 80 as source port and most have no data, just push+ack set. A few have data and these always start with a USER <username><CRLF>PASS <password>.

I am using 2.0.4 with latest stable ruleset. So far as I can tell there are only two rules that currently use the tag option and neither targets port 80.

Any idea what is going on?

BTW I'm using unified logging and mudpit to log to a mysql database.

--
Russell Fulton                  /~\  The ASCII
Network Security Officer        \ /  Ribbon Campaign
The University of Auckland       X   Against HTML
New Zealand                     / \  Email!
Current thread:
- Tagged packets in logs Russell Fulton (Dec 23)
- <Possible follow-ups>
- RE: Tagged packets in logs Grejda, Eric (Dec 23)