Snort mailing list archives
Re: Is this an exploit attempt - or normal activity?
From: Joel Esler <joel.esler () sourcefire com>
Date: Wed, 15 Feb 2006 09:22:41 -0500
Don,Thanks for writing. We'd be glad to help you analyze your alerts, but we need the contents of the packets. Please post the payload to the list along with your email.
Joel On Feb 15, 2006, at 7:52 AM, CasperLinux wrote:
Events between 02 14 06:29:19 and 02 15 01:56:5214 66.177.117.xxx 192.xxx.x.x (http_inspect) OVERSIZE REQUEST-URIDIRECTORYI've tried to look this up but can not really determine. I did report the IP to Comcast but they don't respond (not that I expected them to). This same IP is nearly 100% of the source of my "intrusion" detection for this same activity. I have checked the apache logs but do not see anything that Iwould consider as a smoking gun. Is this an issue or can I ignore this? Don -- - Powered by Debian Linux - -------------------------------------------------------This SF.net email is sponsored by: Splunk Inc. Do you grep through log filesfor problems? Stop! Download the new AJAX search engine that makessearching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel? cmd=lnk&kid=103432&bid=230486&dat=121642_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Is this an exploit attempt - or normal activity? CasperLinux (Feb 15)
- Re: Is this an exploit attempt - or normal activity? Joel Esler (Feb 15)