[Oisf-users] A lot of alerts against proxy server
C. L. Martinez
carlopmart at gmail.com
Tue Nov 13 11:00:27 UTC 2012
On Tue, Nov 13, 2012 at 10:56 AM, Victor Julien <lists at inliniac.net> wrote:
> On 11/13/2012 11:39 AM, C. L. Martinez wrote:
>> Hi all,
>>
>> Some days ago, my suricata sensor (version 1.3.3) has become to
>> launch a lot of alerts like this:
>>
>> 11/13/2012-08:31:16.762052 [**] [1:2221000:1] SURICATA HTTP unknown
>> error [**] [Classification: Generic Protocol Command Decode]
>> [Priority: 3] {TCP} 192.168.130.28:1389 -> 192.168.0.15:80
>>
>> IP 192.168.0.15 is our internal proxy. To reach this proxy server, all
>> workstation needs to traverse a firewall appliance. Maybe is this the
>> problem??
>
> Can you share a pcap?
>
> --
Yes, give some time. Where can I upload it??
More information about the Oisf-users
mailing list