[Snort-users] Newbie: What does this mean?

Briggs, Bruce Bruce.Briggs at ...13183...
Tue Apr 12 05:34:48 EDT 2005

Is your router doing NAT for devices behind it?
If so, then all this log entry tells you is that some device behind the
router sent out a packet to the dest IP addr that triggered this alert.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of John Plate
Sent: Tuesday, April 12, 2005 6:28 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Newbie: What does this mean?


I've found this in the log:

 # of  from             to               method
 30    (http_inspect) DOUBLE DECODING

The IP is my router to the Net. 

Does this mean that MY server did the attack?

Thanks in advance

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list