Snort mailing list archives

RE: Newbie: What does this mean?


From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Tue, 12 Apr 2005 12:55:26 -0400

So far, I have not found anything anywhere to indicate what client
software can be causing this alert to trigger. 
Perhaps someone else on the list has a clue.

Bruce

-----Original Message-----
From: John Plate [mailto:plate () ache dk] 
Sent: Tuesday, April 12, 2005 10:19 AM
To: Briggs, Bruce
Subject: Re: [Snort-users] Newbie: What does this mean?

Briggs, Bruce wrote:

> Is your router doing NAT for devices behind it?

Yes.

> If so, then all this log entry tells you is that some device behind the
> router sent out a packet to the dest IP addr that triggered this alert.

I've run clamscan without any hint of problems. Can you recommend
other tools that can detect the guilty program?

John


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of John Plate
Sent: Tuesday, April 12, 2005 6:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Newbie: What does this mean?

Hi

I've found this in the log:


=========================================================================
 # of  from             to               method
=========================================================================
 30  192.168.1.2      65.54.186.250    (http_inspect) DOUBLE DECODING ATTACK

The IP 192.168.1.2 is my router to the Net. 

Does this mean that MY server did the attack?

