Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Scott Taylor (scotttsoccer.com)
Date: Tue Feb 26 2002 - 12:11:06 CST
Another snort log question. Sorry, trying to get
up to speed on this.
[**] [1:1201:1] WEB-MISC 403 Forbidden [**]
[Classification: Attempted Information Leak]
02/25-19:26:21.830746 (myfirewallip):80 ->
TCP TTL:64 TOS:0x0 ID:15896 IpLen:20 DgmLen:539
***AP*** Seq: 0x3911FED Ack: 0x99D71666 Win:
0x16D0 TcpLen: 20
This shows up in my snort log. It says I'm the
source of the alert.(I think) Is that true?
I have apache running with rules that only allow
connections from certain IP address's. Would
that be the cause? It's denying this person
access or is this really an attack of some sort
THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
Snort-users mailing list
Go to this URL to change user options or unsubscribe:
Snort-users list archive: