Fwd: seamus 2001/09/06 22:15 ACTIVE SYSTEM ATTACK!
i use snort and logcheck, and there is a windoze machine (NT4) on my
subnet (unfortunately), and i constantly get this message from snort
via logcheck. wtf???
----- Forwarded message from root <root@madduck.net> -----
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sep 6 22:00:34 seamus snort: spp_http_decode: IIS Unicode attack
detected: 192.168.14.22:1594 -> 62.109.129.165:80
----- End forwarded message -----
there are *no* attacks, i verified that, *and* we are firewalled,
*and* there is no IIS on either. what's up?
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
--
i have the power to channel my imagination
into ever-soaring levels of suspicion and paranoia.
Reply to: