[Snort-users] WHAT IT MEAN

Alessandro Coppelli coppelli at ...3387...
Tue Sep 11 00:17:03 EDT 2001


  What it mean ? Is it a intrusion ?

==============================================

131.115.231.62 - - [07/Sep/2001:15:59:53 +0200] "-" 408 -
202.128.139.105 - - [07/Sep/2001:16:32:41 +0200] "-" 408 -
211.230.87.30 - - [07/Sep/2001:22:15:35 +0200] "-" 408 -
172.189.91.93 - - [08/Sep/2001:00:28:24 +0200] "-" 408 -
172.144.211.217 - - [08/Sep/2001:01:25:49 +0200] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 280
61.13.210.188 - - [10/Sep/2001:10:19:54 +0200] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 280
213.194.96.29 - - [10/Sep/2001:12:34:42 +0200] "-" 408 -
61.134.176.189 - - [10/Sep/2001:12:38:03 +0200] "-" 408 -
131.107.78.108 - - [10/Sep/2001:14:35:13 +0200] "-" 408 -
61.183.121.70 - - [10/Sep/2001:14:56:57 +0200] "-" 408 -
24.101.169.90 - - [10/Sep/2001:19:43:47 +0200] "-" 408 -
131.194.131.79 - - [10/Sep/2001:19:47:20 +0200] "-" 408 -
172.182.159.150 - - [11/Sep/2001:03:50:43 +0200] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 280
159.226.187.92 - - [11/Sep/2001:05:19:45 +0200] "GET http://www.s3.com/
HTTP/1.1" 200 13726
62.227.232.74 - - [11/Sep/2001:05:55:38 +0200] "-" 408 -






More information about the Snort-users mailing list