Snort mailing list archives

IDS alert

From: "Naveen C Joshi" <naveen_joshi () intersolutions stpn soft net>
Date: Sat, 8 May 2004 16:34:52 +0530

Hi All :

I am sorry if I am wrong to post this kind of problem to this mailing list.
I have installed snort on my network and it generating alert for the an
attack. the attack is as bellow

"May 7 19:59:43  snort: [1:1010:5] WEB-IIS encoding access [Classification:
access to a potentially vulnerable web application] [Priority: 2]: {TCP}
63.208.194.89:80 -> xxx.xxx.xxx.xxx:2245 "

Please let me know how should I make defense for this alert?  It comes very
frequently and with different source IP to different destination IP.

I do not have the Snort Sam installed on my machine Redhat 9.0.


Please help on this problem.

Regards

Naveen



-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

IDS alert Naveen C Joshi (May 08)
- Re: IDS alert Ravi (May 08)
- <Possible follow-ups>
- Re: IDS alert Michael Shirk (May 10)