[Snort-users] "SHELLCODE x86 NOOP" from presumably non dangerous addresses
jyri.hovila at ...2940...
Fri Nov 30 03:57:04 EST 2001
Roberto Suarez Soto once said:
> I'm receiving several "SHELLCODE x86 NOOP" alerts from addresses
>"law2-www.hotmail.com" and another one in akamai (presumably, one of
>used in ad banners: a62-41-13-32.deploy.akamaitechnologies.com). Is
>non-paranoid explanation of what could be happening?
The shellcode alert you're getting can easily be caused by any "binary"
traffic. I was getting a lot of these alerts and they were caused by
IPSec traffic. I finally decided to remove the rule as there were just
too many false alerts.
More information about the Snort-users