Snort mailing list archives
RE: DOUBLE DECODING ATTACK
From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Tue, 05 Apr 2005 12:09:52 -0400
For a write-up on (http_inspect) DOUBLE DECODING ATTACK, see file 119-4.txt in your Snort install /doc/signatures Bruce -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mark Sargent Sent: Tuesday, March 29, 2005 12:50 AM To: snort-users () lists sourceforge net Subject: [Snort-users] DOUBLE DECODING ATTACK Hi All, what is a
DOUBLE DECODING ATTACK
03/16-14:31:26.935885 [**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**] {TCP} 192.168.0.12:34027 -> 64.4.55.109:80 found in Snort. The IP is msnhotmail. I imagine harmless, yes..? Cheers. Mark Sargent. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: DOUBLE DECODING ATTACK Briggs, Bruce (Apr 05)
- <Possible follow-ups>
- RE: DOUBLE DECODING ATTACK Venieris Yiannos (Jun 14)