[Snort-users] IIS UNICODE Attack?

WAN FAT WU wuwanfat at ...8113...
Mon Feb 9 07:22:21 EST 2004


Hi All,

When I started Snort in console alert mode (-A
console), I noticed the following alert.

(http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/10-10:50:30.021189 192.168.1.140:1125 ->
216.136.232.84:80
TCP TTL:64 TOS:0x0 ID:28461 IpLen:20 DgmLen:1140 DF
***AP*** Seq: 0x9BBA7C19  Ack: 0xA2959A99  Win: 0x16D0
 TcpLen: 32
TCP Options (3) => NOP NOP TS: 327805 658179166
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

My IP is 192.168.1.140 (Linux machine).
I have checked that 216.136.232.84 is Yahoo.

Is my computer being compromised?

Please help me!

Best,
Fred



