[Snort-users] porn.rules

dhottinger at ...14237... dhottinger at ...14237...
Fri Nov 9 10:39:41 EST 2007

Quoting Paul Melson <pmelson at ...11827...>:

>> Im seeing a connection to  PORN masturbation site.  However the source
> address
>> doesnt resolve.  Does anyone know what this address is?
> dnsstuff.com says
>> it belongs to rackspace.com, Im thinking rackspace probably rents server
> space for domains?
> Webhosting.info says it's diceext.com.
> http://whois.webhosting.info/
> I don't find any other domains using that IP, so that's probably accurate.
> Are you proxying web traffic through anything like ISA Server or Squid?  If
> so, you'll have the fqdn in a log file somewhere.
> PaulM
I use squid.  Im looking through the access logs now.  If I send the  
payload, can someone look at it and determine if it is a false hit?  I  
dont think it is though.


Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools

"rarely do people communicate, they just take turns talking"

More information about the Snort-users mailing list