[Snort-users] shellcode alerts on src port 80
cmg at ...1935...
Thu Sep 26 06:57:04 EDT 2002
Ted Stringer <teds at ...5847...> writes:
> I am running rh7.3 linux, snort 1.8.7, acid0.9.6, and I am getting a lot
> of shellcode alerts. All of them are from legit http traffic from http
> servers. I thought that the "!" was the not operator. The shelcode
> variable is set to "!80" just the way it comes in the default settings.
> I hope someone can tell me what is wrong or at least point me in the
> right direction.
You probably don't have your $EXTERNAL_NET set correctly. The !80 is
on the destination port
Chris Green <cmg at ...1935...>
"I'm beginning to think that my router may be confused."
More information about the Snort-users