[Snort-users] how to handle this problem

derk van de Velde derk at ...11777...
Thu May 20 05:56:06 EDT 2004


hi,

if found this in met authlog from snort

May 20 02:19:28 pcvisie snort: [1:2307:2] WEB-PHP PayPal Storefront
arbitrary command execution attempt [Classification: Web Application Attack]
[Priority: 1]: {TCP} 10.0.3.128:4978 -> 207.46.130.110:80
May 20 02:19:28 pcvisie snort: [1:2307:2] WEB-PHP PayPal Storefront
arbitrary command execution attempt [Classification: Web Application Attack]
[Priority: 1]: {TCP} 10.0.3.128:4979 -> 207.46.130.110:80

snortalog said high

when i check the 2307 sid on snort.org, it is not clear to me how t handle
this.

what steps should i take

regards,
derk






More information about the Snort-users mailing list