Snort mailing list archives

WEB-IIS Unauthorized IP Access Attempt


From: "Ronny Huybrechts @ Pandora" <ronny.huybrechts () pandora be>
Date: Tue, 28 Aug 2001 20:38:39 +0200

Any idea how this happens?
(670 connections during 2 days)
Our W2K webserver has been generating these messages
for a couple of days... a reboot fixes it for a
couple of hours... New Code Red?

It's always a WEB-MISC 403 Forbidden, and after that the Unauthorized IP Access
Attempt...
e.g.
[**] WEB-MISC 403 Forbidden [**]
08/26-15:06:23.980458 195.207.176.5:80-> 192.55.37.151:4415
TCP TTL:128 TOS:0x0 ID:8823 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x844F6263 Ack: 0xC9FE43 Win: 0x443D TcpLen: 32
TCP Options (3) => NOP NOP TS: 8879756 12737173 
 
[**] WEB-IIS Unauthorized IP Access Attempt [**]
08/26-15:06:23.980578 195.207.176.5:80-> 192.55.37.151:4415
TCP TTL:128 TOS:0x0 ID:8824 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x844F680B Ack: 0xC9FE43 Win: 0x443D TcpLen: 32
TCP Options (3) => NOP NOP TS: 8879756 12737173 
 


