Snort mailing list archives

RE: [Snort-sigs] Outbound string contains c m d.exe, but from where?


From: "Noller, Gregory" <Noller2G () kochind com>
Date: Thu, 24 Jan 2002 10:25:34 -0600

The source of the packets is my outbound NAT router in front of my outbound
proxy array.  I have no web-based email server.

-----Original Message-----
From: Cessna, Michael [mailto:MCessna () rtm com]
Sent: Thursday, January 24, 2002 10:16 AM
To: 'Noller, Gregory'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-sigs] Outbound string contains c m d.exe, but from where?



Gregory, 
Since the source of your packets is the same (209.128.247:%PORT%)... What is
that IP? Is it one of your IPs? Also I have seen this rule triggered quite
a lot with Exchange Web Mail. Do you have Web Mail Servers on your Net? My
snort gets really pissed off whenever I read my snort mail over the web!

Mike 

-----Original Message----- 
From: Noller, Gregory [mailto:Noller2G () kochind com]
Sent: Thursday, January 24, 2002 10:17 AM
To: snort-sigs () lists sourceforge net; 'snort-users () lists sourceforge net'
Subject: [Snort-sigs] Outbound string contains c m d.exe, but from where?

 

