[Snort-users] PLEASE CC ME

Leonard Miller Leonard.Miller at ...7710...
Sat Nov 8 12:02:12 EST 2003


Did anybody ever post an answer to this?  i was just curious what it was

>>> "Stephan Weaver" <stephanweaver at ...125...> 11/07/03 09:01 AM >>>
Hello gooday list,
I am not on the list so can you guys please CC me at 
stephanweaver at ...125...

Here goes....
I am having a problem

i run snort of the same machine as my proxy server
defined home net variable as 192.168.0.0/24.
clients using the proxy server are logged in snort as follows...

[**] [1:620:3] SCAN Proxy (8080) attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/06-16:40:07.970541 192.168.0.9:1117 -> 192.168.0.200:8080
TCP TTL:128 TOS:0x0 ID:41741 IpLen:20 DgmLen:48 DF
******S* Seq: 0x7C3CD1  Ack: 0x0  Win: 0x2000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

This is not supposed to be happening.

Thanks in Advance
Stephan Weaver



**********CONFIDENTIALITY NOTICE**********
The information contained in this e-mail may be proprietary and/or 
privileged and is intended for the sole use of the individual or 
organization named above.  If you are not the intended recipient or an 
authorized representative of the intended recipient, any review, copying
or distribution of this e-mail and its attachments, if any, is prohibited.
If you have received this e-mail in error, please notify the sender
immediately by return e-mail and delete this message from your system.





More information about the Snort-users mailing list