Snort mailing list archives

problems in understanding snort alerts


From: gone save <gonesave () gmail com>
Date: Sun, 26 Jul 2009 00:55:58 +0800

Hi all. I am a newbie to Snort. My Snort sent me some alerts and I really
can't understand them. Could anyone help me out? Following are the alerts:

[**] [1:882:6] WEB-CGI calendar access [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/25-17:09:25.819198 192.168.1.100:3456 -> 64.233.189.154:80
TCP TTL:64 TOS:0x0 ID:43196 IpLen:20 DgmLen:929 DF
***AP*** Seq: 0x805579D5  Ack: 0xCD24FF3D  Win: 0xB5C9  TcpLen: 32
TCP Options (3) => NOP NOP TS: 73585 2972519554

[**] [1:1062:7] WEB-MISC nc.exe attempt [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
07/25-17:09:30.696473 192.168.1.100:3462 -> 64.233.189.154:80
TCP TTL:64 TOS:0x0 ID:43289 IpLen:20 DgmLen:1303 DF
***AP*** Seq: 0x8E344CC0  Ack: 0x27BA7E82  Win: 0xB5C9  TcpLen: 20