| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: zen32689 at zen.co.uk (George Adamopoulos) Subject: Reverse http traffic revisited On 18 Jan 2004 01:12:17 -0800 "Daniel H. Renner" <dan@...angelescomputerhelp.com> wrote: > ICMP PING CyberKit 2.2 Windows This is how snort detects blaster's/nachi's attempts to ping an IP in order to check if it's alive, before trying to connect to port 80. Could be another variation of the blaster worm.I would check (Also snort may detect Cyberkit's 2.2 packets as well, but i suppose that is something you would know of). If the packets are incoming, it is a normal thing that i witness in snort's logs as well very often. Actually, i have removed the rule from snort's rulesets, because it used to fill my logs with cyberkit attempts :P. If it is outgoing traffic, i would suggest that you should run trend's housecall (free online antivirus) on the windows servers/workstations of your network. Also... gateway.dll is because of msn chat. If you add a deny acl for gateway.dll in your squid.conf, your workstations won't be able to use msn chat any more. Giorgos Adamopoulos
Powered by blists - more mailing lists