On Fri, 06 Jul 2001, Philippe Clérié wrote:
> I got the following from snort :
>
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
> Jul 6 07:48:19 canopus snort[3884]: spp_http_decode: IIS Unicode
> attack detected: 128.95.75.153:1647 -> 208.52.11.121:80
>
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
> Jul 6 05:36:39 canopus snort[526]: spp_http_decode: IIS Unicode
> attack detected: 204.253.198.48:61383 -> 216.136.172.167:80
>
> The bottom one particularly worries me as that seems to come from my
> system. Should I worry? If so how do I go about getting out of
> trouble?
You might want to check the payload of the packets and verify whether
this is a genuine positive.
You might be dealing with a false positive here.
greets
Jigal
--
In short, his argument is that Holland, Germany and France (the biggest
critic of Echelon) are bigger buggers of their own citizens than the
Anglo-Saxon nations they're so paranoid about.
-<John Leyden The Register>
