[Snort-users] PLEASE CC ME
Leonard.Miller at ...7710...
Sat Nov 8 12:02:12 EST 2003
Did anybody ever post an answer to this? i was just curious what it was
>>> "Stephan Weaver" <stephanweaver at ...125...> 11/07/03 09:01 AM >>>
Hello gooday list,
I am not on the list so can you guys please CC me at
stephanweaver at ...125...
I am having a problem
i run snort of the same machine as my proxy server
defined home net variable as 192.168.0.0/24.
clients using the proxy server are logged in snort as follows...
[**] [1:620:3] SCAN Proxy (8080) attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/06-16:40:07.970541 192.168.0.9:1117 -> 192.168.0.200:8080
TCP TTL:128 TOS:0x0 ID:41741 IpLen:20 DgmLen:48 DF
******S* Seq: 0x7C3CD1 Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
This is not supposed to be happening.
Thanks in Advance
The information contained in this e-mail may be proprietary and/or
privileged and is intended for the sole use of the individual or
organization named above. If you are not the intended recipient or an
authorized representative of the intended recipient, any review, copying
or distribution of this e-mail and its attachments, if any, is prohibited.
If you have received this e-mail in error, please notify the sender
immediately by return e-mail and delete this message from your system.
More information about the Snort-users