Snort mailing list archives

Previous By Date Next
Previous By Thread Next

WEB-IIS MISC forbidden

From: Gongya Yu <yu () gongya net>
Date: Fri, 12 Apr 2002 23:01:52 -0700
Can anyone make a point to this for me ?

[**] WEB-MISC 403 Forbidden [**]
08/26-15:06:23.980458 x.x.x.x:80-> y.y.y.y:4415
TCP TTL:128 TOS:0x0 ID:8823 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x844F6263 Ack: 0xC9FE43 Win: 0x443D TcpLen: 32
TCP Options (3) => NOP NOP TS: 8879756 12737173

[**] WEB-IIS Unauthorized IP Access Attempt [**]
08/26-15:06:23.980578 x.x.x.x:80-> y.y.y.y:4415
TCP TTL:128 TOS:0x0 ID:8824 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x844F680B Ack: 0xC9FE43 Win: 0x443D TcpLen: 32
TCP Options (3) => NOP NOP TS: 8879756 12737173

x.x.x.x generates these actively or is triggered by y.y.y.y, then
generates these alerts ?

What I mean is
1. y.y.y.y tries to access x.x.x.x on port 80 from source port 4415,
then x.x.x.x responses with this alert ?

2. or x.x.x.x just tries to access y.y.y.y without any trigger from
y.y.y.y

   thanks in advance !!!
Snort user


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: