[Snort-users] problems in understanding snort alerts

From: gone save (gonesavegmail.com)
Date: Sat Jul 25 2009 - 11:55:58 CDT


Hi, all. I am a newbie to Snort. My Snort sends me some alerts and I really
can't understand them. Could anyone help me out? Following are the alerts:

[**] [1:882:6] WEB-CGI calendar access [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/25-17:09:25.819198 192.168.1.100:3456 -> 64.233.189.154:80
TCP TTL:64 TOS:0x0 ID:43196 IpLen:20 DgmLen:929 DF
***AP*** Seq: 0x805579D5 Ack: 0xCD24FF3D Win: 0xB5C9 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73585 2972519554

[**] [1:1062:7] WEB-MISC nc.exe attempt [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
07/25-17:09:30.696473 192.168.1.100:3462 -> 64.233.189.154:80
TCP TTL:64 TOS:0x0 ID:43289 IpLen:20 DgmLen:1303 DF
***AP*** Seq: 0x8E344CC0 Ack: 0x27BA7E82 Win: 0xB5C9 TcpLen: 20
