Snort mailing list archives
RE: Alert question???
From: "Mike S." <exi1ed0ne () hotmail com>
Date: Tue, 13 Aug 2002 16:36:48 +0000
We are seeing lot of "PRON Virgin" alerts shown for all ip address (source)where we have hosted website. We have couple of website hosted and we aregetting above alerts for all of them. Is this a attack??? Please let me know.
From the latest porn.rules:
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any \ (msg:"PORN virgin"; content:"virgin "; nocase; flags:A+; \ classtype:kickass-porn; sid:1796; rev:2;) Looks like you have a lot of packets flying around with virgin in them. Note the content:"virgin " portion of the rule. -Andrew _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alert question??? Know How (Aug 13)
- Re: Alert question??? quentyn (Aug 13)
- <Possible follow-ups>
- Re: Alert question??? Joe Giles (Aug 13)
- Re: Alert question??? quentyn (Aug 13)
- Re: Alert question??? Ian Macdonald (Aug 13)
- Re: Alert question??? quentyn (Aug 13)
- Re: Alert question??? Joe Giles (Aug 13)
- RE: Alert question??? Hicks, John (Aug 13)
- RE: Alert question??? Hicks, John (Aug 13)
- Re: Alert question??? Joe Giles (Aug 13)
- Re: Alert question??? Dan Mahoney, System Admin (Aug 13)
- RE: Alert question??? Mike S. (Aug 17)