Snort mailing list archives
problems in understanding snort alerts
From: gone save <gonesave () gmail com>
Date: Sun, 26 Jul 2009 00:55:58 +0800
Hi, all. I am a newbie to Snort. My Snort sends me some alerts and I really can't understand them. Could anyone help me out? Following are the alerts:

[**] [1:882:6] WEB-CGI calendar access [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/25-17:09:25.819198 192.168.1.100:3456 -> 64.233.189.154:80
TCP TTL:64 TOS:0x0 ID:43196 IpLen:20 DgmLen:929 DF
***AP*** Seq: 0x805579D5 Ack: 0xCD24FF3D Win: 0xB5C9 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73585 2972519554

[**] [1:1062:7] WEB-MISC nc.exe attempt [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
07/25-17:09:30.696473 192.168.1.100:3462 -> 64.233.189.154:80
TCP TTL:64 TOS:0x0 ID:43289 IpLen:20 DgmLen:1303 DF
***AP*** Seq: 0x8E344CC0 Ack: 0x27BA7E82 Win: 0xB5C9 TcpLen: 20
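Added example, not part of the original post and not Snort's own code: a small Python parser for the full-format alerts quoted above, showing which field is which (generator ID, signature ID and revision in the first bracket, then classification, priority, timestamp, endpoints and TCP flags). The function and field names, the TCP/UDP-only pattern and the "outbound" test (private source, non-private destination) are assumptions of this example.

```python
import ipaddress
import re

# The two alerts from the post, verbatim, flattened as the archive shows them.
SAMPLE = (
    "[**] [1:882:6] WEB-CGI calendar access [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "07/25-17:09:25.819198 192.168.1.100:3456 -> 64.233.189.154:80 "
    "TCP TTL:64 TOS:0x0 ID:43196 IpLen:20 DgmLen:929 DF "
    "***AP*** Seq: 0x805579D5 Ack: 0xCD24FF3D Win: 0xB5C9 TcpLen: 32 "
    "TCP Options (3) => NOP NOP TS: 73585 2972519554 "
    "[**] [1:1062:7] WEB-MISC nc.exe attempt [**] "
    "[Classification: access to a potentially vulnerable web application] "
    "[Priority: 2] "
    "07/25-17:09:30.696473 192.168.1.100:3462 -> 64.233.189.154:80 "
    "TCP TTL:64 TOS:0x0 ID:43289 IpLen:20 DgmLen:1303 DF "
    "***AP*** Seq: 0x8E344CC0 Ack: 0x27BA7E82 Win: 0xB5C9 TcpLen: 20"
)

# Whitespace-tolerant, so it works on flattened or line-broken alert text.
# [^\[]*? never crosses a "[" and so cannot run into the next alert header.
ALERT_RE = re.compile(
    r"\[\*\*\]\s*\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s*(?P<msg>.*?)\s*\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<priority>\d+)\]\s*)?"
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+TTL:(?P<ttl>\d+)[^\[]*?DgmLen:(?P<dgmlen>\d+)"
    r"(?:[^\[]*?(?P<flags>[12UAPRSF*]{8})\s+Seq:)?"
)

# Snort prints the TCP flag byte as "12UAPRSF", with "*" for each unset bit.
FLAG_NAMES = ("RES1", "RES2", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

def parse_alerts(text):
    """Return one dict per TCP/UDP alert found in text."""
    alerts = []
    for m in ALERT_RE.finditer(text):
        a = m.groupdict()
        for key in ("gid", "sid", "rev", "sport", "dport", "ttl", "dgmlen"):
            a[key] = int(a[key])
        a["priority"] = int(a["priority"]) if a["priority"] else None
        flags = a.pop("flags") or ""
        a["tcp_flags"] = [n for c, n in zip(flags, FLAG_NAMES) if c != "*"]
        # Assumption: "outbound" = private source talking to a non-private destination.
        a["outbound"] = (ipaddress.ip_address(a["src"]).is_private
                         and not ipaddress.ip_address(a["dst"]).is_private)
        alerts.append(a)
    return alerts
```

On the two alerts in the post, both records come back with `outbound` set and the flags decoded as ACK and PSH, that is, data packets sent from the internal host 192.168.1.100 to port 80 on the external server.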