Snort mailing list archives
Re: porn.rules
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 09 Nov 2007 11:43:54 -0600
--On Friday, November 09, 2007 09:29:58 -0500 dhottinger () harrisonburg k12 va us wrote:
Quoting Joel Esler <joel.esler () sourcefire com>:

Either.

--
Joel Esler
Sent from the road.

On Nov 9, 2007, at 9:09 AM, dhottinger () harrisonburg k12 va us wrote:

Are the porn.rules flagged based on words typed in url's or search strings?

--

I'm seeing a connection to PORN masturbation site. However the source address 74.205.54.243:80 doesn't resolve. Does anyone know what this address is? dnsstuff.com says it belongs to rackspace.com, I'm thinking rackspace probably rents server space for domains?

[ Informations about 74.205.43.243 ]
IP range : 74.205.43.240 - 74.205.43.247
Network name : RSPC-119544-1177630982
Infos : Answers in Genisis
Infos : P.O. Box 510
Infos : Hebron
Infos : KY
Infos : 41048
Country : United States (US)
Abuse E-mail : abuse () rackspace com
Source : ARIN

The IP doesn't reverse. Verisign is the SOA. Port 80 *is* open.

# nmap 74.205.43.243

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-09 11:37 CST
Interesting ports on 74.205.43.243:
Not shown: 1692 filtered ports
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   closed ssh
80/tcp   open   http
443/tcp  open   https
3389/tcp open   ms-term-serv

--
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/