[Snort-users] WEB Cross-site scripting attempt

dcox at ...12138... dcox at ...12138...
Fri Jul 16 06:42:08 EDT 2004






Greetings All,

I am getting thousands of alerts on the " Bleeding-Edge Web Cross-site
scripting attempt" rule. These alerts are being logged from my external
(public side of firewall) snort box.  All the alerts are pointing to the
same ip of 63.211.238.135:80 as  the Destination address and my public
interface as the source address. The internal snort box doesn't alert on
this at all.

Can anybody give me some information on the rule itself, and whether I
should be concerned or not.

Thanks in advance.

Dan Cox
Systems Technician
MedQuist Inc, 310
720.206.1000
800.331.3395
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040716/56b96d05/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: C6862928.gif
Type: image/gif
Size: 54936 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040716/56b96d05/attachment.gif>


More information about the Snort-users mailing list