Snort mailing list archives

Previous By Date Next
Previous By Thread Next

help

From: "li wei" <kkndguy () hotmail com>
Date: Wed, 09 Apr 2003 09:58:42 +0000

hi, all!
i use snort-1.9.1 in openbsd3.3.When i read the alert file,i found somthing like that : 
     [**] [1:615:3] SCAN SOCKS Proxy attempt [**]
     [Classification: Attempted Information Leak] [Priority: 2]
     04/09-11:11:10.440280 192.168.2.101:20 -> 192.168.2.145:1080
     TCP TTL:128 TOS:0x0 ID:55820 IpLen:20 DgmLen:48 DF
     ******S* Seq: 0xA62138F7  Ack: 0x0  Win: 0xFAF0  TcpLen: 28
     TCP Options (4) => MSS: 1460 NOP NOP SackOK
     [Xref => url help.undernet.org/proxyscan/]
what's "[1:615:3]" means in the message? There is sting like that in evey message.So , what's the string means? 
   All the best,
  kkndguy





_________________________________________________________________
与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn 


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: