Snort mailing list archives
Re: porn.rules
From: dhottinger () harrisonburg k12 va us
Date: Fri, 09 Nov 2007 10:39:41 -0500
Quoting Paul Melson <pmelson () gmail com>:
Im seeing a connection to PORN masturbation site. However the sourceaddress74.205.54.243:80 doesnt resolve. Does anyone know what this address is?dnsstuff.com saysit belongs to rackspace.com, Im thinking rackspace probably rents serverspace for domains? Webhosting.info says it's diceext.com. http://whois.webhosting.info/74.205.54.243 I don't find any other domains using that IP, so that's probably accurate. Are you proxying web traffic through anything like ISA Server or Squid? If so, you'll have the fqdn in a log file somewhere. PaulM
I use squid. Im looking through the access logs now. If I send the payload, can someone look at it and determine if it is a false hit? I dont think it is though. thanks, -- Dwayne Hottinger Network Administrator Harrisonburg City Public Schools "rarely do people communicate, they just take turns talking" ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- porn.rules dhottinger (Nov 09)
- Re: porn.rules rmkml (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules Paul Melson (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Paul Melson (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules David J. Bianco (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Paul Schmehl (Nov 09)
- How much will a huge list of subnets to the frag3 preprocessor slow snort? Bachelor, Stephen A CTR USSOCOM HQ (Nov 09)
- Re: How much will a huge list of subnets to the frag3preprocessor slow snort? Paul Melson (Nov 09)