[Snort-users] IDS alert

Naveen C Joshi naveen_joshi at ...11009...
Sat May 8 05:08:09 EDT 2004


Hi All :

I am sorry if I am wrong to post this kind of problem to this mailing list.
I have installed snort on my network and it generating alert for the an
attack. the attack is as bellow

"May 7 19:59:43  snort: [1:1010:5] WEB-IIS encoding access [Classification:
access to a potentially vulnerable web application] [Priority: 2]: {TCP}
63.208.194.89:80 -> xxx.xxx.xxx.xxx:2245 "

Please let me know how should I make defense for this alert?  It comes very
frequently and with different source IP to different destination IP.

I do not have the Snort Sam installed on my machine Redhat 9.0.


Please help on this problem.

Regards

Naveen





More information about the Snort-users mailing list