Don,
Thanks for writing. We'd be glad to help you analyze your alerts,
but we need the contents of the packets. Please post the payload to
the list along with your email.
Joel
On Feb 15, 2006, at 7:52 AM, CasperLinux wrote:
Events between 02 14 06:29:19 and 02 15 01:56:52
14 66.177.117.xxx 192.xxx.x.x (http_inspect) OVERSIZE
REQUEST-URI
DIRECTORY
I've tried to look this up but can not really determine. I did
report the IP
to Comcast but they don't respond (not that I expected them to).
This same
IP is nearly 100% of the source of my "intrusion" detection for
this same
activity. I have checked the apache logs but do not see anything
that I
would consider as a smoking gun.
Is this an issue or can I ignore this?
Don
--
- Powered by Debian Linux -
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through
log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD
SPLUNK!
http://sel.as-us.falkag.net/sel?
cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
