[Snort-users] [Fwd: shellcode alerts on src port 80]

Ted Stringer teds at ...5847...
Thu Sep 26 05:42:06 EDT 2002


Doh, as soon as I ask someone I read the last comment in snort.conf that
shellcode is disabled by default.  Par for the course.

Ted Stringer
Systems Administrator
Lancaster & Eure, P.A.

-----Forwarded Message-----
From: Ted Stringer <teds at ...5847...>
To: snort-users at lists.sourceforge.net
Subject: shellcode alerts on src port 80
Date: 26 Sep 2002 08:37:21 -0400

I am running rh7.3 linux, snort 1.8.7, acid0.9.6, and I am getting a lot
of shellcode alerts.  All of them are from legit http traffic from http
servers.  I thought that the "!" was the not operator.  The shellcode
variable is set to "!80" just the way it comes in the default settings. 

I hope someone can tell me what is wrong or at least point me in the
right direction. 

Ted Stringer 
Systems Administrator 
Lancaster & Eure, P.A.
