[Snort-users] HTTP Protocol Analysis

Sonika Malhotra sonikam at ...4044...
Fri May 14 05:18:07 EDT 2004


The /etc/hosts file of the proxy-server consists of 2 entries

1. loopback-ip    localhost

2. Internal-Interface-ip    host-name

There are no other entries. How would the host file entries cause the 
redirection? Can you please elaborate?
Thanks.


Harper, Patrick wrote:

>Have you checked the hosts file on the systems? 
>
>
>Patrick S. Harper | CISSP RHCT MCSE
>Information Security Engineer
>patrick.harper at ...11593... 
>
>
>-----Original Message-----
>From: Sonika Malhotra [mailto:sonikam at ...4044...] 
>Sent: Friday, May 14, 2004 12:34 AM
>To: snort-users
>Subject: [Snort-users] HTTP Protocol Analysis
>
>Hello List,
>
>I faced a recurrent problem in my network that any request to
>www.google.com, www.rediff.com, etc. was getting redirected to
>www.coolsavings.com.
>
>So the HTTP traffic dump was taken using Snort (logger mode of Snort).
>
>The following was found in the HTTP session dump and it can be observed
>that the reply packet had extra appended tags as follows:
>
>... rediff Page contents....
><HTML>
><META HTTP-EQUIV=Refresh Content="0; URL=http://www.coolsavings.com">
></HTML>
>
>Now this page is cached at our proxy and so all the requests are
>redirected to new url.
>
>When we disable the caching at proxy the problem is taken care of, but
>the mechanism of doing this is still not known.
>
>I shall be grateful if anybody can explain this process.
>
>Regards
>Sonika
>
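A check for the pattern described in the quoted message, a meta refresh appended after the page's own closing tag and pointing at another host, written as an added example that is not part of the original thread. The class and function names and both sample responses are constructed for illustration; only the appended tag is taken from the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class RefreshFinder(HTMLParser):
    """Records each <meta http-equiv=refresh> target and whether it
    appears after the document's first closing </html> tag."""
    def __init__(self):
        super().__init__()
        self.html_closed = False
        self.found = []  # list of (target_url, after_close)

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if tag != "meta" or a.get("http-equiv", "").lower() != "refresh":
            return
        m = re.search(r"url\s*=\s*['\"]?([^'\"\s>]+)", a.get("content", ""), re.I)
        if m:
            self.found.append((m.group(1), self.html_closed))

def suspicious_refreshes(request_host, raw_response):
    """Return refreshes that sit after </html> or leave request_host."""
    _, _, body = raw_response.partition(b"\r\n\r\n")  # drop status line + headers
    finder = RefreshFinder()
    finder.feed(body.decode("latin-1"))
    finder.close()
    findings = []
    for target, after_close in finder.found:
        host = (urlparse(target).hostname or request_host).lower()
        off_site = host != request_host.lower()
        if after_close or off_site:
            findings.append({"target": target, "after_close": after_close,
                             "off_site": off_site})
    return findings

# Constructed samples: a page followed by the appended block from the post,
# and an untouched page with an ordinary same-site refresh.
TAMPERED = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
            b"<html><head><title>news</title></head><body>page</body></html>\n"
            b"<HTML>\n<META HTTP-EQUIV=Refresh "
            b'Content="0; URL=http://www.coolsavings.com">\n</HTML>\n')
CLEAN = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
         b'<html><head><meta http-equiv="refresh" content="300; url=/index.html">'
         b"</head><body>page</body></html>")
```

Calling `suspicious_refreshes("www.rediff.com", TAMPERED)` reports the appended redirect, while the same call on `CLEAN` returns an empty list.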






