[Snort-users] Alert Question

Edwin Covert ecovert at ...1864...
Fri Apr 20 12:20:05 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I recently saw the following entry in my alert IDS:

[**] WEB-IIS - Unauthorized Login Attempt [**]
04/20-09:21:54.623322 207.197.132.205:80 -> yyy.yyy.yyy.yyy:1297
TCP TTL:128 TOS:0x0 ID:39139  DF
*****PA* Seq: 0x19D1554   Ack: 0x58C10   Win: 0x20CD


The 207 address is our webserver. The YYY address is my internal IP
on the LAN via NAT. So, what am I seeing? Any help would be
appreciated.

TIA,
Ed

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
Comment: Encryption makes the world safer

iQA/AwUBOuBhpzIjXbhrEgfyEQJfYACePGVS6XZbvxNxULEZq55Lnz5z08AAoKks
6byNnmMm24ox2aOnRrMtLOGg
=ncyl
-----END PGP SIGNATURE-----

