--On Friday, November 09, 2007 09:29:58 -0500
dhottinger@harrisonburg.k12.va.us wrote:
Quoting Joel Esler <joel.esler@sourcefire.com>:
Either.
--
Joel Esler
Sent from the road.
On Nov 9, 2007, at 9:09 AM, dhottinger@harrisonburg.k12.va.us wrote:
Are the porn.rules flagged based on words typed in url's or search
strings?
--
Im seeing a connection to PORN masturbation site. However the source
address 74.205.54.243:80 doesnt resolve. Does anyone know what this
address is? dnsstuff.com says it belongs to rackspace.com, Im
thinking rackspace probably rents server space for domains?
[ Informations about 74.205.43.243 ]
IP range : 74.205.43.240 - 74.205.43.247
Network name : RSPC-119544-1177630982
Infos : Answers in Genisis
Infos : P.O. Box 510
Infos : Hebron
Infos : KY
Infos : 41048
Country : United States (US)
Abuse E-mail : abuse@rackspace.com
Source : ARIN
The IP doesn't reverse. Verisign is the SOA. Port 80 *is* open.
# nmap 74.205.43.243
Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-09 11:37 CST
Interesting ports on 74.205.43.243:
Not shown: 1692 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp closed ssh
80/tcp open http
443/tcp open https
3389/tcp open ms-term-serv
--
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
