[Snort-users] NEW SNORT USER QUESTIONS

Bruce Cox brucecox31 at ...131...
Thu Sep 16 09:06:10 EDT 2004


TODAY IS THE FIRST TIME I HAVE USED SNORT ON MY FEDORA
OS.  COULD SOMEONE PLEASE TELL ME WHAT THE FOLLOWING
LINES MEAN.  WHY DO I GET THESE WARNING EVERYTIME I
VISIT THIS LINUX WEB SITE?
Sep 16 08:09:04 localhost snort: [1:1054:7] WEB-MISC
weblogic/tomcat .jsp view source attempt
[Classification: Web Application Attack] [Priority:
1]: {TCP} 192.168.0.2:32935 -> 209.120.155.233:80
Sep 16 08:12:50 localhost snort: [1:2570:6] WEB-MISC
Invalid HTTP Version String [Classification: Detection
of a non-standard protocol or event] [Priority: 2]:
{TCP} 192.168.0.2:32978 -> 63.111.66.11:80
Sep 16 08:13:18 localhost snort: [1:2570:6] WEB-MISC
Invalid HTTP Version String [Classification: Detection
of a non-standard protocol or event] [Priority: 2]:
{TCP} 192.168.0.2:32990 -> 63.111.66.11:80
Sep 16 08:14:27 localhost snort: [1:1200:10]
ATTACK-RESPONSES Invalid URL [Classification:
Attempted Information Leak] [Priority: 2]: {TCP}
66.77.165.226:80 -> 192.168.0.2:33011
Sep 16 08:15:39 localhost snort: [1:1200:10]
ATTACK-RESPONSES Invalid URL [Classification:
Attempted Information Leak] [Priority: 2]: {TCP}
66.77.165.226:80 -> 192.168.0.2:33007
Sep 16 08:18:32 localhost snort: [1:1200:10]
ATTACK-RESPONSES Invalid URL [Classification:
Attempted Information Leak] [Priority: 2]: {TCP}
66.77.165.226:80 -> 192.168.0.2:33015
Sep 16 08:21:07 localhost snort: [1:1200:10]
ATTACK-RESPONSES Invalid URL [Classification:
Attempted Information Leak] [Priority: 2]: {TCP}
66.77.165.226:80 -> 192.168.0.2:33033

BRUCE


		
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo 




More information about the Snort-users mailing list