Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: help

From: "Chapman, Justin T" <JtChapma () bhi-erc com>
Date: Thu, 10 Apr 2003 14:28:08 -0700
I think it goes [<sensorID>:<signatureID>:<signatureRevision>]  

-----Original Message-----
From: li wei [mailto:kkndguy () hotmail com] 
Sent: Wednesday, April 09, 2003 2:59 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] help



hi, all!
  i use snort-1.9.1 in openbsd3.3.When i read the alert file,i found 
somthing like that :
      [**] [1:615:3] SCAN SOCKS Proxy attempt [**]
      [Classification: Attempted Information Leak] [Priority: 2]
      04/09-11:11:10.440280 192.168.2.101:20 -> 192.168.2.145:1080
      TCP TTL:128 TOS:0x0 ID:55820 IpLen:20 DgmLen:48 DF
      ******S* Seq: 0xA62138F7  Ack: 0x0  Win: 0xFAF0  TcpLen: 28
      TCP Options (4) => MSS: 1460 NOP NOP SackOK
      [Xref => url help.undernet.org/proxyscan/]
what's "[1:615:3]" means in the message? There is sting like that in evey 
message.So , what's the string means?
    All the best,
   kkndguy


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: