Snort mailing list archives
Re: porn.rules
From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 9 Nov 2007 10:36:26 -0500
Im seeing a connection to PORN masturbation site. However the source
address
74.205.54.243:80 doesnt resolve. Does anyone know what this address is?
dnsstuff.com says
it belongs to rackspace.com, Im thinking rackspace probably rents server
space for domains? Webhosting.info says it's diceext.com. http://whois.webhosting.info/74.205.54.243 I don't find any other domains using that IP, so that's probably accurate. Are you proxying web traffic through anything like ISA Server or Squid? If so, you'll have the fqdn in a log file somewhere. PaulM ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- porn.rules dhottinger (Nov 09)
- Re: porn.rules rmkml (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules Paul Melson (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Paul Melson (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules David J. Bianco (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Paul Schmehl (Nov 09)
- How much will a huge list of subnets to the frag3 preprocessor slow snort? Bachelor, Stephen A CTR USSOCOM HQ (Nov 09)
- Re: How much will a huge list of subnets to the frag3preprocessor slow snort? Paul Melson (Nov 09)