[Snort-users] HTTP Protocol Analysis

Ms.Sonika Malhotra sonikam at ...4044...
Mon May 17 03:53:00 EDT 2004


Is there a tool to detect the spyware in LAN? ie perhaps I can run
tool from a single host and get a list of suspicious programs running on
different hosts in the LAN.

Regards

On Mon, 17 May 2004, Uso wrote:

> Looks like spyware. I would run spybot on PCs and server and then have a 2nd
> look.
> regards
> Uso
> ----- Original Message -----
> From: "Sonika Malhotra" <sonikam at ...4044...>
> To: "snort-users" <snort-users at lists.sourceforge.net>
> Sent: Friday, May 14, 2004 10:33 AM
> Subject: [Snort-users] HTTP Protocol Analysis
>
>
> > Hello List,
> >
> > I faced a recurrent problem in my network that any request to
> > www.google.com , www.rediff.com .. etc was getting redirected to
> > www.coolsavings.com.
> >
> > So the http traffic dump was taken using Snort. ( logger mode of Snort)
> >
> > The following was found in the HTTP session dump and it can be observed
> > that the reply packet had extra appended tags as follows
> >
> > ... rediff Page contents....
> > <HTML>
> > <META HTTP-EQUIV=Refresh Content="0; URL=http://www.coolsavings.com">
> > </HTML>
> >
> > Now this page is cached at our proxy and so all the requests are
> > redirected to new url.
> >
> > when we disable the caching at proxy the problem is taken care of, but
> > the mechanism of doing this is still not known.
> >
> > I shall be grateful it anybody can explain this process.
> >
> > Regards
> > Sonika
> >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: SourceForge.net Broadband
> > Sign-up now for SourceForge Broadband and get the fastest
> > 6.0/768 connection for only $19.95/mo for the first 3 months!
> > http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>





More information about the Snort-users mailing list