[Snort-users] RE: Snortdb against MySQL

Sean C Doherty seand at ...232...
Sun Apr 1 20:16:55 EDT 2001


I turned off the rule that caused the multiple alerts in my personal
firewall and allowed my email client to access the internet unrestricted,
and set up a sniffer to monitor the access to the FedEx site.  The packet trace
shows that it appears that only ONE access was made for the IMG link, when
the firewall was allowing the request to go through.

Sooooo, it appears that the additional 4 attempts appear to be a function of
what my email client does when the first and subsequent attempts are blocked
by the firewall (I have not seen this happen with other web-bugs).

Sorry for the confusion, there does not appear to be any magic hidden code
in the html that caused the additional attempts :(

Sean D


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of sp0re
Sent: Sunday, April 01, 2001 6:09 PM
To: Sean C Doherty
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] RE: Snortdb against MySQL


Yes, that is exactly what it appears to be.  I've seen more and more of
these techniques over the past year.  HTML email, and word docs often have
transparent images, linked to a server, so that the source co can keep
track of how many times that doc is opened, etc.  Bugging is not new.
Linking to a FedEx site, is not the be all and end all of worries,
although privacy issues abound.  Good catch, though.

peace,

Sp0re <mailto: sp0re at ...1708...>
