Snort mailing list archives
question about finding out about traffic
From: "Taylor Lewick" <Taylor.Lewick () us fortis com>
Date: Fri, 26 Apr 2002 14:26:47 -0500
Once I look through a log file and find something I want to investigate more, where do I go to find out more
information about what I am seeing (besides the internet, obviously)?
For instance, I am seeing a bunch of shellcode x86 NOOP [**] traffic, from one box to another on our network, so I
assume nothing too bad is going on. But how do I find out more about this specific traffic stream, i.e. sid of 648 in
shellcodes.rules... Meaning, if this was a real attack, what kind of attack is it and what kinds of things is it used
to do...
Thanks,
Taylor
Taylor Lewick
Unix System Administrator
Fortis Benefits
816 881 6073
"Help Wanted. Seeking Telepath..."
"You Know where to apply."
