This is an example from the log
[ ** ] [ 1:1394:10 ] SHELLCODE x86 inc ecx NOOP [ ** ]
[ Classification: Executable code was detected ] [ Priority: 1 ]
11/11-09:58:59.141360 9ip.ip.ip.ip:1639 ->
serverip.serverip.serverip.serverip:587 TCP TTL:111 TOS:0x0 ID:24071
IpLen:20 DgmLen:1500 DF ***AP*** Seq: 0xA4EC7036 Ack: 0x5429998 Win:
0xFE93 TcpLen: 20
removed ip's from above example
On Nov 11, 2009, at 10:06 AM, Glenn Kelley wrote:
My GA office keeps getting blocked in snort. When I look I see it's
blocked due to "SHELLCODE x86 inc ecx NOOP "
That's not a fixed IP so I can't just whitelist it. any
suggestions ?
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
