[Snort-users] help

li wei kkndguy at ...125...
Thu Apr 10 11:56:30 EDT 2003


hi, all!
  i use snort-1.9.1 in openbsd3.3.When i read the alert file,i found 
somthing like that :
      [**] [1:615:3] SCAN SOCKS Proxy attempt [**]
      [Classification: Attempted Information Leak] [Priority: 2]
      04/09-11:11:10.440280 192.168.2.101:20 -> 192.168.2.145:1080
      TCP TTL:128 TOS:0x0 ID:55820 IpLen:20 DgmLen:48 DF
      ******S* Seq: 0xA62138F7  Ack: 0x0  Win: 0xFAF0  TcpLen: 28
      TCP Options (4) => MSS: 1460 NOP NOP SackOK
      [Xref => url help.undernet.org/proxyscan/]
what's "[1:615:3]" means in the message? There is sting like that in evey 
message.So , what's the string means?
    All the best,
   kkndguy


   



_________________________________________________________________
与联机的朋友进行交流,请使用 MSN Messenger:  http://messenger.msn.com/cn  





More information about the Snort-users mailing list