Snort mailing list archives
WEB-IIS Unauthorized IP Access Attempt
From: "Ronny Huybrechts @ Pandora" <ronny.huybrechts () pandora be>
Date: Tue, 28 Aug 2001 20:38:39 +0200
Any idea how this happens ? (670 connections during 2 days) Our webserver W2K is generating these messages since a couple of days... a reboot fixes it for a couple of hours... New Code Red ??? It's always a Web-misc 403 forbidden, after that the Unauthorized IP Access attempt... e.g. [**] WEB-MISC 403 Forbidden [**] 08/26-15:06:23.980458 195.207.176.5:80-> 192.55.37.151:4415 TCP TTL:128 TOS:0x0 ID:8823 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x844F6263 Ack: 0xC9FE43 Win: 0x443D TcpLen: 32 TCP Options (3) => NOP NOP TS: 8879756 12737173 [**] WEB-IIS Unauthorized IP Access Attempt [**] 08/26-15:06:23.980578 195.207.176.5:80-> 192.55.37.151:4415 TCP TTL:128 TOS:0x0 ID:8824 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x844F680B Ack: 0xC9FE43 Win: 0x443D TcpLen: 32 TCP Options (3) => NOP NOP TS: 8879756 12737173 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- WEB-IIS Unauthorized IP Access Attempt Ronny Huybrechts @ Pandora (Aug 28)