[Snort-users] Newbie: What does this mean?
sblinux at ...9344...
Tue Apr 12 10:55:54 EDT 2005
I have been getting the same entry in my logs with Hotmail/Microsoft servers being the destination and my public IP as the source. Guess where 184.108.40.206 points to.
I've just been ignoring it.
----- Original Message -----
From: "Briggs, Bruce" <Bruce.Briggs at ...13183...>
Date: Tuesday, April 12, 2005 10:55 am
Subject: RE: [Snort-users] Newbie: What does this mean?
> So far, I have not found anything anywhere to indicate what client
> software can be causing this alert to trigger.
> Perhaps someone else on the list has a clue.
> -----Original Message-----
> From: John Plate [plate at ...13254...]
> Sent: Tuesday, April 12, 2005 10:19 AM
> To: Briggs, Bruce
> Subject: Re: [Snort-users] Newbie: What does this mean?
> Briggs, Bruce wrote:
> > Is your router doing NAT for devices behind it?
> > If so, then all this log entry tells you is that some device behind
> > router sent out a packet to the dest IP addr that triggered this
> I've run clamscan without any hint of problems. Can you recommend
> other tools that can detect the guilty program?
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [snort-users-admin at lists.sourceforge.net] On Behalf Of John
> > Sent: Tuesday, April 12, 2005 6:28 AM
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] Newbie: What does this mean?
> > Hi
> > I've found this in the log:
> > =
> > # of from to method
> > =
> > 30 192.168.1.2 220.127.116.11 (http_inspect) DOUBLE
> DECODING> ATTACK
> > The IP 192.168.1.2 is my router to the Net.
> > Does this mean that MY server did the attack?
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real
> users.Discover which products truly live up to the hype. Start
> reading now.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users