[Snort-users] porn.rules

dhottinger at ...14237... dhottinger at ...14237...
Fri Nov 9 10:39:41 EST 2007


Quoting Paul Melson <pmelson at ...11827...>:

>> Im seeing a connection to  PORN masturbation site.  However the source
> address
>> 74.205.54.243:80 doesnt resolve.  Does anyone know what this address is?
> dnsstuff.com says
>> it belongs to rackspace.com, Im thinking rackspace probably rents server
> space for domains?
>
> Webhosting.info says it's diceext.com.
> http://whois.webhosting.info/74.205.54.243
>
> I don't find any other domains using that IP, so that's probably accurate.
> Are you proxying web traffic through anything like ISA Server or Squid?  If
> so, you'll have the fqdn in a log file somewhere.
>
> PaulM
>
I use squid.  Im looking through the access logs now.  If I send the  
payload, can someone look at it and determine if it is a false hit?  I  
dont think it is though.

thanks,




-- 
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools

"rarely do people communicate, they just take turns talking"





More information about the Snort-users mailing list