Snort mailing list archives

alert file problem

From: Ganu Skop <skopganu () yahoo com>
Date: Thu, 20 Jun 2002 00:15:56 -0700 (PDT)

hi all,
lately been getting an alert file with wrong
classification - it doesn't match
classification-config at all such as (syslog file)

Jun 20 11:13:12 xxx host: [1:1765:2] WEB-CGI Nortel
Contivity cgiproc access [Classification: \240m)]
[Prio
rity: 2]: {TCP} x.x.x.x:3455 -> y.y.y.y:80

Jun 20 11:13:13 xxx host: [1:1215:5] WEB-CGI ministats
admin access [Classification: \240m)] [Priority: 2]:
 {TCP} x.x.x.x:3482 -> y.y.y.y:80


it stated that [Classification: \240m)] - any idea ?


=====
//skopganu

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com


-------------------------------------------------------
                   Bringing you mounds of caffeinated joy
                   >>>     http://thinkgeek.com/sf    <<<

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

alert file problem Ganu Skop (Jun 20)