[Snort-users] Is this an exploit attempt - or normal activity?

Joel Esler joel.esler at ...1935...
Wed Feb 15 06:23:19 EST 2006


Don,

Thanks for writing.  We'd be glad to help you analyze your alerts,  
but we need the contents of the packets.  Please post the payload to  
the list along with your email.

Joel


On Feb 15, 2006, at 7:52 AM, CasperLinux wrote:

> Events between  02 14 06:29:19  and  02 15 01:56:52
>    14  66.177.117.xxx   192.xxx.x.x     (http_inspect) OVERSIZE  
> REQUEST-URI
> DIRECTORY
>
> I've tried to look this up but can not really determine.  I did  
> report the IP
> to Comcast but they don't respond (not that I expected them to).   
> This same
> IP is nearly 100% of the source of my "intrusion" detection for  
> this same
> activity.  I have checked the apache logs but do not see anything  
> that I
> would consider as a smoking gun.
>
> Is this an issue or can I ignore this?
>
> Don
> -- 
> - Powered by Debian Linux -
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through  
> log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD  
> SPLUNK!
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list