Snort mailing list archives

Is this an exploit attempt - or normal activity?

From: CasperLinux <CasperLinux () comcast net>
Date: Wed, 15 Feb 2006 07:52:21 -0500

Events between  02 14 06:29:19  and  02 15 01:56:52
   14  66.177.117.xxx   192.xxx.x.x     (http_inspect) OVERSIZE REQUEST-URI 
DIRECTORY

I've tried to look this up but can not really determine.  I did report the IP 
to Comcast but they don't respond (not that I expected them to).  This same 
IP is nearly 100% of the source of my "intrusion" detection for this same 
activity.  I have checked the apache logs but do not see anything that I 
would consider as a smoking gun.

Is this an issue or can I ignore this?

Don
-- 
- Powered by Debian Linux - 


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Is this an exploit attempt - or normal activity? CasperLinux (Feb 15)
- Re: Is this an exploit attempt - or normal activity? Joel Esler (Feb 15)