Snort mailing list archives

False positive ??


From: Milo Velimirovic <milov () uwlax edu>
Date: Thu, 25 Sep 2003 16:31:27 -0500

I noticed this alert while downloading software from Apple's developer site.

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
09/25-15:53:32.917624 17.254.0.200:56669 -> 138.49.xxx.xxx:60118
TCP TTL:239 TOS:0x0 ID:22986 IpLen:20 DgmLen:1320 DF
***A**** Seq: 0x69448EA8  Ack: 0xEB8C131B  Win: 0x2568  TcpLen: 32
TCP Options (3) => NOP NOP TS: 3076158921 3077302067

Name:    enfuego.apple.com
Address:  17.254.0.200


Milo Velimirovic       <milov "at" uwlax "dot" edu>
Unix Computer Network Administrator
University of Wisconsin - La Crosse
La Crosse, Wisconsin 54601 USA   43 48 05 N 91 14 22 W

There are 10 different types of people in the world.
Those who can read binary and those who can't.


