Re: snort rules (Was: Attack alert from snort)

2001-07-12 Thread Bart-Jan Vrielink
On Thu, 12 Jul 2001, Martin Domig wrote: > As I am using snort I keep getting many warnings in my logfiles which I > don't know what they mean. For example the following entry: > > Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon > Overflow: xxx.xxx.xxx.xxx:44772 -> yyy.

Re: snort rules (Was: Attack alert from snort)

2001-07-12 Thread Bart-Jan Vrielink
On Thu, 12 Jul 2001, Martin Domig wrote: > As I am using snort I keep getting many warnings in my logfiles which I > don't know what they mean. For example the following entry: > > Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon > Overflow: xxx.xxx.xxx.xxx:44772 -> yyy

Re: snort rules (Was: Attack alert from snort)

2001-07-12 Thread Jigal Weinberg
On Thu, 12 Jul 2001, Martin Domig wrote: > Hello > > As I am using snort I keep getting many warnings in my logfiles which I > don't know what they mean. For example the following entry: > > Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon > Overflow: xxx.xxx.xxx.xxx:4

snort rules (Was: Attack alert from snort)

2001-07-12 Thread Martin Domig
Hello As I am using snort I keep getting many warnings in my logfiles which I don't know what they mean. For example the following entry: Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon Overflow: xxx.xxx.xxx.xxx:44772 -> yyy.yyy.yyy.yyy:25 This tells me that someone i

Re: snort rules (Was: Attack alert from snort)

2001-07-12 Thread Jigal Weinberg
On Thu, 12 Jul 2001, Martin Domig wrote: > Hello > > As I am using snort I keep getting many warnings in my logfiles which I > don't know what they mean. For example the following entry: > > Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon > Overflow: xxx.xxx.xxx.xxx:

snort rules (Was: Attack alert from snort)

2001-07-12 Thread Martin Domig
Hello As I am using snort I keep getting many warnings in my logfiles which I don't know what they mean. For example the following entry: Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon Overflow: xxx.xxx.xxx.xxx:44772 -> yyy.yyy.yyy.yyy:25 This tells me that someone

Re: Attack alert from snort

2001-07-10 Thread Jigal Weinberg
On Fri, 06 Jul 2001, Philippe Clérié wrote: > I got the following from snort : > > Active System Attack Alerts > =-=-=-=-=-=-=-=-=-=-=-=-=-= > Jul 6 07:48:19 canopus snort[3884]: spp_http_decode: IIS Unicode > attack detected: 128.95.75.153:1647 -> 208.52.11.121:80 > > Active System Attack Al

Re: Attack alert from snort

2001-07-10 Thread Jigal Weinberg
On Fri, 06 Jul 2001, Philippe Clérié wrote: > I got the following from snort : > > Active System Attack Alerts > =-=-=-=-=-=-=-=-=-=-=-=-=-= > Jul 6 07:48:19 canopus snort[3884]: spp_http_decode: IIS Unicode > attack detected: 128.95.75.153:1647 -> 208.52.11.121:80 > > Active System Attack Ale

Attack alert from snort

2001-07-06 Thread Philippe Clérié
I got the following from snort : Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Jul 6 07:48:19 canopus snort[3884]: spp_http_decode: IIS Unicode attack detected: 128.95.75.153:1647 -> 208.52.11.121:80 Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Jul 6 05:36:39 canopus snort[

Attack alert from snort

2001-07-06 Thread Philippe Clérié
I got the following from snort : Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Jul 6 07:48:19 canopus snort[3884]: spp_http_decode: IIS Unicode attack detected: 128.95.75.153:1647 -> 208.52.11.121:80 Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Jul 6 05:36:39 canopus snort