Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Would you suspect?

From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Thu, 11 Apr 2002 08:22:06 -0500
Hi Chris,

There is actually no other alerts related to this alert I posted.
I also don't see any alerts on source from that public IP address.

Btw, I'm using 1.8.6 build 105 on an Openbsd 3.0.

Thanks.


-----Original Message-----
From: Chris Green [mailto:cmg () sourcefire com]
Sent: Thursday, April 11, 2002 8:21 AM
To: Ronneil Camara
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Would you suspect?


"Ronneil Camara" <ronneilc () remingtonltd com> writes:


Hi guys,

I am receiving a lot of alerts from my snort, WEB-MISC 403 

Forbidden.

The source is actually our web server going to a public ip address.
Would you suspect that the destination ip is trying to 

hopefully, make

a dir listing of our virtual directory? What's your analysis?



yup typically. Are there any other alerts related to the public ip?
-- 
Chris Green <cmg () sourcefire com>
"Yeah, but you're taking the universe out of context."




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: