[Snort-users] Newbie: What does this mean?

Briggs, Bruce Bruce.Briggs at ...13183...
Tue Apr 12 05:34:48 EDT 2005


Is your router doing NAT for devices behind it?
If so, then all this log entry tells you is that some device behind the
router sent out a packet to the dest IP addr that triggered this alert.

Bruce 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of John Plate
Sent: Tuesday, April 12, 2005 6:28 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Newbie: What does this mean?

Hi

I've found this in the log:

========================================================================
=
 # of  from             to               method
========================================================================
=
 30  192.168.1.2      65.54.186.250    (http_inspect) DOUBLE DECODING
ATTACK

The IP 192.168.1.2 is my router to the Net. 

Does this mean that MY server did the attack?

Thanks in advance
John





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list