Snort mailing list archives

Previous By Date Next
Previous By Thread Next

IIS UNICODE Attack?

From: WAN FAT WU <wuwanfat () yahoo com hk>
Date: Mon, 9 Feb 2004 23:21:26 +0800 (CST)
Hi All,

When I start the snort in console alert mode(-A
console), I notified the following alert. 

(http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/10-10:50:30.021189 192.168.1.140:1125 ->
216.136.232.84:80
TCP TTL:64 TOS:0x0 ID:28461 IpLen:20 DgmLen:1140 DF
***AP*** Seq: 0x9BBA7C19  Ack: 0xA2959A99  Win: 0x16D0
 TcpLen: 32
TCP Options (3) => NOP NOP TS: 327805 658179166
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

My IP is 192.168.1.140(linux machine).
I have checked that 216.136.232.84 is yahoo.

Am my computer being comprised? 

Please help me!

Best,
Fred




_________________________________________________________
必殺技、飲歌、小星星...
浪漫鈴聲  情心連繫
http://us.rd.yahoo.com/evt=22281/*http://ringtone.yahoo.com.hk/


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: