Snort mailing list archives
IIS UNICODE Attack?
From: WAN FAT WU <wuwanfat () yahoo com hk>
Date: Mon, 9 Feb 2004 23:21:26 +0800 (CST)
Hi All, When I start the snort in console alert mode(-A console), I notified the following alert. (http_inspect) IIS UNICODE CODEPOINT ENCODING [**] 02/10-10:50:30.021189 192.168.1.140:1125 -> 216.136.232.84:80 TCP TTL:64 TOS:0x0 ID:28461 IpLen:20 DgmLen:1140 DF ***AP*** Seq: 0x9BBA7C19 Ack: 0xA2959A99 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 327805 658179166 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ My IP is 192.168.1.140(linux machine). I have checked that 216.136.232.84 is yahoo. Am my computer being comprised? Please help me! Best, Fred _________________________________________________________ 必殺技、飲歌、小星星... 浪漫鈴聲 情心連繫 http://us.rd.yahoo.com/evt=22281/*http://ringtone.yahoo.com.hk/ ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IIS UNICODE Attack? WAN FAT WU (Feb 09)