Snort mailing list archives
RE: [Snort-sigs] Outbound string contains c m d.exe, but from where?
From: "Noller, Gregory" <Noller2G () kochind com>
Date: Thu, 24 Jan 2002 10:25:34 -0600
The source of the packets is my outbound NAT router in front of my outbound proxy array. I have no web-based email server.

-----Original Message-----
From: Cessna, Michael [mailto:MCessna () rtm com]
Sent: Thursday, January 24, 2002 10:16 AM
To: 'Noller, Gregory'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-sigs] Outbound string contains c m d.exe, but from where?

Gregory,

Since the source of your packets is the same (209.128.247:%PORT%)... What is that IP? Is it one of your IPs? Also, I have seen this rule triggered quite a lot with Exchange Web Mail. Do you have Web Mail Servers on your Net? My snort gets really pissed off whenever I read my snort mail over the web!

Mike

-----Original Message-----
From: Noller, Gregory [mailto:Noller2G () kochind com]
Sent: Thursday, January 24, 2002 10:17 AM
To: snort-sigs () lists sourceforge net; 'snort-users () lists sourceforge net'
Subject: [Snort-sigs] Outbound string contains c m d.exe, but from where?