[Snort-users] some signature that display on ACID

twig les twigles at ...131...
Tue Dec 17 18:40:03 EST 2002


In my environment (ISP) that was one of the first ones
to get cut.  Tons of false alarms.

--- Erick Mechler <emechler at ...7719...> wrote:
> :: when i saw ACID most signatures are "SCAN Squid Proxy attempt"
> :: I checked the snort site but there is no any description
> :: about that such as other signature
> :: Do any one know what is happen on my network and what
> :: is the meaning of this signature
> 
> It's a simple signature that checks for incoming traffic (i.e., from your
> EXTERNAL_NET to your HOME_NET) with a destination port of 3128 and the TCP
> SYN flag set.
> 
> Cheers - Erick


=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------
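
The conditions Erick describes, written out as an added example (not part of the original thread and not Snort's own code). The HOME_NET value and all sample packets are constructed, and reading "SYN flag set" as SYN without ACK is an assumption. The per-source count of distinct destinations goes beyond the signature itself and is added to separate a sweep from a lone connection attempt.

```python
import ipaddress
import struct
from collections import defaultdict

HOME_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed value for this example
SQUID_PORT = 3128
SYN, ACK = 0x02, 0x10

def build_packet(src, dst, sport, dport, flags):
    """Construct a minimal IPv4+TCP header pair (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def matches(packet):
    """Return (src, dst) if the packet meets the described conditions, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                       # not IPv4 carrying TCP
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 14:
        return None                       # truncated before the TCP flags byte
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    flags = packet[ihl + 13]
    inbound = src not in HOME_NET and dst in HOME_NET
    opening_syn = bool(flags & SYN) and not flags & ACK
    return (src, dst) if inbound and dport == SQUID_PORT and opening_syn else None

def targets_per_source(packets):
    """Count distinct HOME_NET destinations per matching external source."""
    seen = defaultdict(set)
    for p in packets:
        hit = matches(p)
        if hit:
            seen[str(hit[0])].add(str(hit[1]))
    return {s: len(d) for s, d in seen.items()}

# Constructed sample traffic: one sweep, one lone connect, three non-matches.
SAMPLE = (
    [build_packet("203.0.113.9", f"192.0.2.{i}", 40000 + i, 3128, SYN) for i in range(1, 6)]
    + [build_packet("198.51.100.7", "192.0.2.10", 51000, 3128, SYN),
       build_packet("198.51.100.7", "192.0.2.10", 51000, 3128, ACK),        # later segment
       build_packet("198.51.100.8", "192.0.2.20", 3128, 52000, SYN | ACK),  # 3128 is the source port
       build_packet("192.0.2.30", "192.0.2.10", 53000, 3128, SYN)]          # internal source
)
print(targets_per_source(SAMPLE))
```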