[Snort-users] Another snort log

Scott Taylor scottt at ...4859...
Tue Feb 26 10:13:07 EST 2002


Another snort log question. Sorry, trying to get 
up to speed on this.

[**] [1:1201:1] WEB-MISC 403 Forbidden [**]
[Classification: Attempted Information Leak] [Priority: 2]
02/25-19:26:21.830746 (myfirewallip):80 -> (someoneelsesip):2294
TCP TTL:64 TOS:0x0 ID:15896 IpLen:20 DgmLen:539 DF
***AP*** Seq: 0x3911FED Ack: 0x99D71666 Win: 0x16D0 TcpLen: 20

This shows up in my snort log. It says I'm the 
source of the alert (I think). Is that true?
I have apache running with rules that only allow 
connections from certain IP addresses. Would 
that be the cause? It's denying this person 
access, or is this really an attack of some sort?

Cheers,
Scott
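
Added example (not part of the original post): a small Python parser for the full-format alert quoted above that reports which side sent the triggering packet, judged by which end of the flow uses the web server port. The two IP addresses are constructed stand-ins for the redacted hosts, and the function names and the server-port list are assumptions of this example.

```python
import re

# Constructed sample: the alert from the post with its wrapped lines rejoined;
# the two redacted hosts are replaced by documentation addresses.
SAMPLE = """\
[**] [1:1201:1] WEB-MISC 403 Forbidden [**]
[Classification: Attempted Information Leak] [Priority: 2]
02/25-19:26:21.830746 192.0.2.10:80 -> 198.51.100.7:2294
TCP TTL:64 TOS:0x0 ID:15896 IpLen:20 DgmLen:539 DF
***AP*** Seq: 0x3911FED Ack: 0x99D71666 Win: 0x16D0 TcpLen: 20
"""

HEADER = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]")
META = re.compile(r"\[Classification: (.+?)\] \[Priority: (\d+)\]")
FLOW = re.compile(r"(\S+) (\S+):(\d+) -> (\S+):(\d+)")
FLAGS = re.compile(r"^([*12UAPRSF]{8}) Seq:", re.M)

def parse_alert(text):
    """Parse one Snort full-format TCP alert into a dict."""
    h, m, f, fl = (p.search(text) for p in (HEADER, META, FLOW, FLAGS))
    if not (h and m and f and fl):
        raise ValueError("not a full-format TCP alert")
    return {
        "gid": int(h[1]), "sid": int(h[2]), "rev": int(h[3]), "msg": h[4],
        "classification": m[1], "priority": int(m[2]),
        "timestamp": f[1],
        "src": f[2], "sport": int(f[3]), "dst": f[4], "dport": int(f[5]),
        "flags": set(fl[1]) - {"*"},  # e.g. {"A", "P"} for ***AP***
    }

def direction(alert, server_ports=(80,)):
    """Say which side sent the packet that triggered the alert."""
    if alert["sport"] in server_ports and alert["dport"] not in server_ports:
        return "server-to-client"   # a reply leaving the web server
    if alert["dport"] in server_ports and alert["sport"] not in server_ports:
        return "client-to-server"   # a request arriving at the web server
    return "unknown"

if __name__ == "__main__":
    a = parse_alert(SAMPLE)
    print(a["sid"], a["msg"], a["src"], "->", a["dst"], direction(a))
```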

