Snort mailing list archives

shellcode alerts on src port 80

From: Ted Stringer <teds () lancasterlawyers com>
Date: 26 Sep 2002 08:37:21 -0400

I am running rh7.3 linux, snort 1.8.7, acid0.9.6, and I am getting a lot
of shellcode alerts.  All of them are from legit http traffic from http
servers.  I thought that the "!" was the not operator.  The shelcode
variable is set to "!80" just the way it comes in the default settings.

I hope someone can tell me what is wrong or at least point me in the
right direction.

Ted Stringer
Systems Administrator
Lancaster & Eure, P.A.

Current thread:

Why are there no open source GUI's for managing multiple Snort sensors? Carl Samond (Sep 25)
- Re: Why are there no open source GUI's for managing multiple Snort sensors? twig les (Sep 25)
- <Possible follow-ups>
- Why are there no open source GUI's for managing multiple Snort sensors? Ron Shuck (Sep 26)
  - shellcode alerts on src port 80 Ted Stringer (Sep 26)
    - Re: shellcode alerts on src port 80 Chris Green (Sep 26)