Snort mailing list archives
RE: DOUBLE DECODING ATTACK
From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Tue, 05 Apr 2005 12:09:52 -0400
For a write-up on (http_inspect) DOUBLE DECODING ATTACK, see file 119-4.txt in your Snort install /doc/signatures Bruce -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mark Sargent Sent: Tuesday, March 29, 2005 12:50 AM To: snort-users () lists sourceforge net Subject: [Snort-users] DOUBLE DECODING ATTACK Hi All, what is a
DOUBLE DECODING ATTACK
03/16-14:31:26.935885 [**] [119:2:1] (http_inspect) DOUBLE DECODING
ATTACK [**] {TCP} 192.168.0.12:34027 -> 64.4.55.109:80
found in Snort. The IP is msnhotmail. I imagine harmless, yes..? Cheers.
Mark Sargent.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: DOUBLE DECODING ATTACK Briggs, Bruce (Apr 05)
- <Possible follow-ups>
- RE: DOUBLE DECODING ATTACK Venieris Yiannos (Jun 14)