[Oisf-users] A lot of alerts against proxy server
Victor Julien
lists at inliniac.net
Tue Nov 13 10:56:05 UTC 2012
On 11/13/2012 11:39 AM, C. L. Martinez wrote:
> Hi all,
>
> Some days ago, my suricata sensor (version 1.3.3) has become to
> launch a lot of alerts like this:
>
> 11/13/2012-08:31:16.762052 [**] [1:2221000:1] SURICATA HTTP unknown
> error [**] [Classification: Generic Protocol Command Decode]
> [Priority: 3] {TCP} 192.168.130.28:1389 -> 192.168.0.15:80
>
> IP 192.168.0.15 is our internal proxy. To reach this proxy server, all
> workstation needs to traverse a firewall appliance. Maybe is this the
> problem??
Can you share a pcap?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list