Snort mailing list archives
WEB-IIS MISC forbidden
From: Gongya Yu <yu () gongya net>
Date: Fri, 12 Apr 2002 23:01:52 -0700
Can anyone make a point to this for me ? [**] WEB-MISC 403 Forbidden [**] 08/26-15:06:23.980458 x.x.x.x:80-> y.y.y.y:4415 TCP TTL:128 TOS:0x0 ID:8823 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x844F6263 Ack: 0xC9FE43 Win: 0x443D TcpLen: 32 TCP Options (3) => NOP NOP TS: 8879756 12737173 [**] WEB-IIS Unauthorized IP Access Attempt [**] 08/26-15:06:23.980578 x.x.x.x:80-> y.y.y.y:4415 TCP TTL:128 TOS:0x0 ID:8824 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x844F680B Ack: 0xC9FE43 Win: 0x443D TcpLen: 32 TCP Options (3) => NOP NOP TS: 8879756 12737173 x.x.x.x generates these actively or is triggered by y.y.y.y, then generates these alerts ? What I mean is 1. y.y.y.y tries to access x.x.x.x on port 80 from source port 4415, then x.x.x.x responses with this alert ? 2. or x.x.x.x just tries to access y.y.y.y without any trigger from y.y.y.y thanks in advance !!! Snort user _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- WEB-IIS MISC forbidden Gongya Yu (Mar 14)
- Re: WEB-IIS MISC forbidden bthaler (Mar 15)
- Re: WEB-IIS MISC forbidden Gongya Yu (Mar 15)
- Re: WEB-IIS MISC forbidden Matt Kettler (Mar 15)
- Re: WEB-IIS MISC forbidden Gongya Yu (Mar 15)
- Re: WEB-IIS MISC forbidden bthaler (Mar 15)