[Snort-users] Snort alerts caused by possible legit traffic?

NismoSkyline NismoSkyline at ...5068...
Sat Jun 7 00:55:06 EDT 2003


Alot of machines using the same ISP as me, have been setting off snort like shown below. Is it possible this is legit traffic?

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-05:46:18.582271 attackerIP:2074 -> myIP:80
TCP TTL:117 TOS:0x0 ID:2119 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x235969AC  Ack: 0xAB4D7465  Win: 0x4470  TcpLen: 20

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030607/d0ecb112/attachment.html>


More information about the Snort-users mailing list