[Snort-users] DOUBLE DECODING ATTACK

Briggs, Bruce Bruce.Briggs at ...13183...
Tue Apr 5 09:12:41 EDT 2005


For a write-up on (http_inspect) DOUBLE DECODING ATTACK, see file
119-4.txt in your Snort install /doc/signatures

Bruce

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mark
Sargent
Sent: Tuesday, March 29, 2005 12:50 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] DOUBLE DECODING ATTACK

Hi All,

What is a

> DOUBLE DECODING ATTACK

03/16-14:31:26.935885  [**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]  {TCP} 192.168.0.12:34027 -> 64.4.55.109:80
found in Snort. The IP is msnhotmail. I imagine harmless, yes..? Cheers.

Mark Sargent.

