Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: porn.rules

From: dhottinger () harrisonburg k12 va us
Date: Fri, 09 Nov 2007 10:39:41 -0500
Quoting Paul Melson <pmelson () gmail com>:


Im seeing a connection to  PORN masturbation site.  However the source

address

74.205.54.243:80 doesnt resolve.  Does anyone know what this address is?

dnsstuff.com says

it belongs to rackspace.com, Im thinking rackspace probably rents server

space for domains?

Webhosting.info says it's diceext.com.
http://whois.webhosting.info/74.205.54.243

I don't find any other domains using that IP, so that's probably accurate.
Are you proxying web traffic through anything like ISA Server or Squid?  If
so, you'll have the fqdn in a log file somewhere.

PaulM


I use squid.  Im looking through the access logs now.  If I send the  
payload, can someone look at it and determine if it is a false hit?  I  
dont think it is though.

thanks,




-- 
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools

"rarely do people communicate, they just take turns talking"


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: