[Snort-users] "SHELLCODE x86 NOOP" from presumably non dangerous addresses

Jyri Hovila jyri.hovila at ...2940...
Fri Nov 30 03:57:04 EST 2001


Hi!

Roberto Suarez Soto once said:

> I'm receiving several "SHELLCODE x86 NOOP" alerts from addresses like
> "law2-www.hotmail.com" and another one in akamai (presumably, one of those
> used in ad banners: a62-41-13-32.deploy.akamaitechnologies.com). Is there a
> non-paranoid explanation of what could be happening?

The shellcode alert you're getting can easily be caused by any "binary"
traffic. I was getting a lot of these alerts and they were caused by
IPSec traffic. I finally decided to remove the rule as there were just
too many false alerts.

Yours,

Jyri




