short update -
I have blocked
but it still seems like we might have issues -
1394  ip  $EXTERNAL_NET  any  $HOME_NET  any  SHELLCODE x86 inc ecx NOOP
has anyone else seen this - when all the user is doing is remote email?
I would like not to have to disable all shellcode stuff.
On Nov 11, 2009, at 10:19 AM, Glenn Kelley wrote:
This is an example from the log
[ ** ] [ 1:1394:10 ] SHELLCODE x86 inc ecx NOOP [ ** ]
[ Classification: Executable code was detected ] [ Priority: 1 ]
11/11-09:58:59.141360 9ip.ip.ip.ip:1639 -> serverip.serverip.serverip.serverip:587
TCP TTL:111 TOS:0x0 ID:24071 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xA4EC7036 Ack: 0x5429998 Win: 0xFE93 TcpLen: 20
removed IPs from above example
On Nov 11, 2009, at 10:06 AM, Glenn Kelley wrote:
My GA office keeps getting blocked in snort. When I look I see it's
blocked due to "SHELLCODE x86 inc ecx NOOP "
That's not a fixed IP so I can't just whitelist it. Any
suggestions?
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org