We are seeing quite a lot of these events from our customer's RealSecure NS 7.0 (MU21.2).
Does anyone have any idea what this is? New worms running around, or what?

Event Name: HTTP_URL_Name_Very_Long
Date/Time: 2003/09/25 18:34:28
Source Addr: 210.3.252.138
Destination Addr: x.x.x.x
Sensor Location: [EMAIL PROTECTED]
AlertType: SuspiciousTCP
AlertPriority: 2
AlertID: I7VRWS9YBSUTDH8OHCYFFQU7W6
algorithm-id: 2000601
Source IPAddress Name: 210.3.252.138
Destination IPAddress Name: x.x.x.x
Source Port: 4171
Source Port Name:
Destination Port: 80
Destination Port Name: http
Protocol Id: TCP(6)
URL: /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
URL-length: 12808
evasions: uses non-ASCII characters;
victim-ip-addr: x.x.x.x
victim-port: 80
intruder-ip-addr: 210.3.252.138
intruder-port: 4171
Actions Taken: Log To Database: LogWithoutRaw:0

Chan Kien Eng, CISSP
Head (Technical and Engineering Division)
Evolution Security Solutions Sdn. Bhd.
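An added example, not part of the original post and not vendor code: one way to triage a batch of these alerts by source address, using the reported URL-length (the URL shown in the alert above is shorter than the 12808 it reports) and checking how much of the logged URL is a single repeated character. It assumes alerts exported as one "Field: value" per line with a blank line between records; the function names, the thresholds and the sample records are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

def parse_alerts(text):
    """Parse blank-line-separated alert records, one 'Field: value' per line."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                rec[key.strip()] = value.strip()
        alerts.append(rec)
    return alerts

def padding_ratio(url):
    """Share of the URL path made up of its single most common character."""
    path = url.lstrip("/")
    return Counter(path).most_common(1)[0][1] / len(path) if path else 0.0

def triage(alerts, min_length=2048, min_padding=0.9):
    """Group HTTP_URL_Name_Very_Long events by source address (thresholds assumed)."""
    out = defaultdict(lambda: {"events": 0, "max_len": 0, "targets": set(), "padded": 0})
    for a in alerts:
        if a.get("Event Name") != "HTTP_URL_Name_Very_Long":
            continue
        # Size comes from URL-length; the logged URL is only a fallback.
        length = int(a.get("URL-length") or len(a.get("URL", "")))
        if length < min_length:
            continue
        s = out[a.get("Source Addr", "unknown")]
        s["events"] += 1
        s["max_len"] = max(s["max_len"], length)
        s["targets"].add(a.get("Destination Addr", "unknown"))
        s["padded"] += padding_ratio(a.get("URL", "")) >= min_padding
    return dict(out)

def record(src, dst, url, length, name="HTTP_URL_Name_Very_Long"):
    return (f"Event Name: {name}\nSource Addr: {src}\nDestination Addr: {dst}\n"
            f"Source Port Name:\nURL: {url}\nURL-length: {length}\n")

# Constructed sample records (documentation address ranges, not real sensor output).
SAMPLE = "\n".join([
    record("192.0.2.10", "203.0.113.5", "/" + "A" * 200, 12808),
    record("192.0.2.10", "203.0.113.6", "/" + "A" * 200, 12808),
    record("198.51.100.7", "203.0.113.5", "/search?q=" + "report-2003-" * 20, 2300),
    record("198.51.100.9", "203.0.113.5", "/index.html", 11, name="Other_Event"),
])
SUMMARY = triage(parse_alerts(SAMPLE))
```

A source with many events, several targets and a padded count equal to its event count points to automated scanning rather than a misbehaving client; a long but unpadded URL is more likely an application generating oversized query strings.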
