OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
matthew.keay_at_Phones4u.co.uk
Date: Thu Oct 17 2002 - 03:31:08 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Doh, just read the email previous to this... ignore me.

    -----Original Message-----
    From: Matthew Keay
    Sent: 17 October 2002 08:36
    To: mkettlerevi-inc.com; Randy.Beyrivernorthsys.com;
    snort-userslists.sourceforge.net
    Subject: RE: [Snort-users] please help ID payload info

    It could also be any url (inbound or outbound afaik) that contains "passwd".
    (iirc, it might be a bit more specific).
    I often get false positives for this with groupware/weblog type traffic.
    -----Original Message-----
    From: Matt Kettler [mailto:mkettlerevi-inc.com]
    Sent: 15 October 2002 17:50
    To: Randy Bey; snort-userslists.sourceforge.net
    Subject: Re: [Snort-users] please help ID payload info
    Well, first did you check to see if this is actually coming from your
    webserver, or an external one? You left any details about that out, so I
    figure it's worth asking just to be sure. If it's an external webserver, I
    bet it's a webpage containing sample output from a security check tool.

    also you claim that's similar to content sent out via email... do you have
    some sort of webmail access going where you might be accessing those emails
    from your webserver, causing it to legitimately send that content?
    If that's actually coming from your webserver, and you don't have webmail,
    I'd check for security updates on ALL the webserver tools I was running
    running if I were you :)

    *************************************************************
    This email, and any attachment, is confidential. If you have
    received it in error, please delete it from your system.

    Do not use or disclose the information in any way, and notify
    the sender immediately.

    The contents of this message may contain personal views which
    are not the views of Phones4U Ltd or any other company within
    the Caudwell Group, unless specifically stated.

    You may not disclose any information contained herein unless
    disclosure is specifically allowed or the information is
    publicly available.
    *************************************************************

    -------------------------------------------------------
    This sf.net email is sponsored by: viaVerio will pay you up to
    $1,000 for every account that you consolidate with us.
    http://ad.doubleclick.net/clk;4749864;7604308;v?
    http://www.viaverio.com/consolidator/osdn.cfm
    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users