[Snort-users] help with interpreting log

tonycowling at ...3945...
Tue Feb 15 08:14:25 EST 2005

For example, I have these types of logs from Hotmail:
[**] (http_inspect) DOUBLE DECODING ATTACK [**]

What more should I include for someone to shed light on an example log?
Is this something to be concerned about other than the fact that it is Hotmail, for example?

I also have entries that start with:
[**] (portscan) Open Port [**]

Looks like a connection started by someone within my network.
What is the best way to start to get info on interpreting logs?
