Snort mailing list archives

IDS296/web-misc_http-whisker-splicing-attack-space

From: tnelson () starpoint com
Date: Fri, 3 Aug 2001 16:34:02 -0400

I'm new to snort, but I have v. 1.8.1-beta5 up and running.  I am seeing
many reports of the whisker-splicing attack, targeted at most of my web
servers.  I've read the documenation on it at whitehats.com, but I'm not
sure how to go about determining if these are actual attacks or false
alarms as they seem to be coming from many different IPs.

Any help would be greatly appreciated.

Tony Nelson

ps.  My appologies if this is off-topic for this list.

Tony Nelson
Director of Network Operations
Starpoint Solutions
115 Broadway, 20th Fl.
New York, NY 10006
Phone: 212-238-0851
Email: tony.nelson () starpoint com
http://www.starpoint.com

*** This email was scanned by eSafe Content Inspection Server. ***


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

IDS296/web-misc_http-whisker-splicing-attack-space tnelson (Aug 03)
- Re: IDS296/web-misc_http-whisker-splicing-attack-space Andrew R. Baker (Aug 03)
- <Possible follow-ups>
- Re: IDS296/web-misc_http-whisker-splicing-attack-space tnelson (Aug 03)
  - RE: IDS296/web-misc_http-whisker-splicing-attack-space John Berkers (Aug 04)