[Oisf-users] A lot of alerts against proxy server

Victor Julien lists at inliniac.net
Tue Nov 13 11:08:49 UTC 2012


On 11/13/2012 12:00 PM, C. L. Martinez wrote:
> On Tue, Nov 13, 2012 at 10:56 AM, Victor Julien <lists at inliniac.net> wrote:
>> On 11/13/2012 11:39 AM, C. L. Martinez wrote:
>>> Hi all,
>>>
>>>  Some days ago, my Suricata sensor (version 1.3.3) started to
>>> launch a lot of alerts like this:
>>>
>>> 11/13/2012-08:31:16.762052  [**] [1:2221000:1] SURICATA HTTP unknown
>>> error [**] [Classification: Generic Protocol Command Decode]
>>> [Priority: 3] {TCP} 192.168.130.28:1389 -> 192.168.0.15:80
>>>
>>> IP 192.168.0.15 is our internal proxy. To reach this proxy server, all
>>> workstations need to traverse a firewall appliance. Maybe this is the
>>> problem?
>>
>> Can you share a pcap?
>>
>> --
> 
> Yes, give me some time. Where can I upload it?
> 

Please narrow it down to a single TCP session, preferably a small one.
You can email that to the list or to me privately.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
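
Added example, not part of the original message and not Suricata code: one way to narrow a capture down to the single TCP session named in the alert (192.168.130.28:1389 <-> 192.168.0.15:80) before sharing it. It assumes a classic microsecond-resolution pcap with Ethernet framing; the function names and the sample frames are constructed for illustration.

```python
import socket
import struct

def flow_of(frame):
    """Return ((src, sport), (dst, dport)) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 only, VLAN tags not handled
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_off = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[23] != 6 or frag_off or len(frame) < 14 + ihl + 4:
        return None  # not TCP, or a later fragment with no TCP header
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return ((socket.inet_ntoa(frame[26:30]), sport),
            (socket.inet_ntoa(frame[30:34]), dport))

def extract_session(pcap, a, b):
    """Keep only TCP packets between (ip, port) endpoints a and b, both directions."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    out, kept, off = [pcap[:24]], 0, 24  # start with the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        record = pcap[off:off + 16 + incl_len]  # 16-byte record header + frame
        off += 16 + incl_len
        if flow_of(record[16:]) in ((a, b), (b, a)):
            out.append(record)
            kept += 1
    return b"".join(out), kept

def make_frame(src, sport, dst, dport):
    """Constructed sample: a minimal Ethernet/IPv4/TCP SYN frame with no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frames):
    """Constructed sample: wrap frames in a little-endian classic pcap."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    client, proxy = ("192.168.130.28", 1389), ("192.168.0.15", 80)  # from the alert
    sample = make_pcap([make_frame(*client, *proxy), make_frame(*proxy, *client),
                        make_frame("192.168.130.29", 2000, *proxy)])
    print(extract_session(sample, client, proxy)[1], "packets kept")
```

On a real capture, read the file as bytes, pass the endpoint pair from the alert line, and write the returned bytes to a new file; review the payload for credentials or other sensitive data before sending it anywhere.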



