i use snort and logcheck, and there is a windoze machine (NT4) on my subnet (unfortunately), and i constantly get this message from snort via logcheck. wtf???
----- Forwarded message from root <[EMAIL PROTECTED]> ----- Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Sep 6 22:00:34 seamus snort: spp_http_decode: IIS Unicode attack detected: 192.168.14.22:1594 -> 62.109.129.165:80 ----- End forwarded message ----- there are *no* attacks, i verified that, *and* we are firewalled, *and* there is no IIS on either. what's up? martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] -- i have the power to channel my imagination into ever-soaring levels of suspicion and paranoia.
