Fwd: seamus 2001/09/06 22:15 ACTIVE SYSTEM ATTACK!

To: debian users <debian-user@lists.debian.org>
Subject: Fwd: seamus 2001/09/06 22:15 ACTIVE SYSTEM ATTACK!
From: Martin F Krafft <madduck@madduck.net>
Date: Thu, 6 Sep 2001 22:35:10 +0200
Message-id: <[🔎] 20010906223510.A12932@fishbowl.madduck.net>
Mail-followup-to: Martin F Krafft <madduck@madduck.net>, debian users <debian-user@lists.debian.org>

i use snort and logcheck, and there is a windoze machine (NT4) on my
subnet (unfortunately), and i constantly get this message from snort
via logcheck. wtf???

----- Forwarded message from root <root@madduck.net> -----

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sep  6 22:00:34 seamus snort: spp_http_decode: IIS Unicode attack
detected: 192.168.14.22:1594 -> 62.109.129.165:80

----- End forwarded message -----

there are *no* attacks, i verified that, *and* we are firewalled,
*and* there is no IIS on either. what's up?

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
-- 
i have the power to channel my imagination
into ever-soaring levels of suspicion and paranoia.

Reply to:

Prev by Date: Re: How to handle "unofficial package" upgrade
Next by Date: Re: devfs
Previous by thread: Re: lxdoom-x11 and music
Next by thread: Re: Fwd: seamus 2001/09/06 22:15 ACTIVE SYSTEM ATTACK!
Index(es):
- Date
- Thread