Hi,
If I remember correctly the email used to have source and destination information, see below.
BTW, I'm getting tons of CRIT-852 IPS email notifications..... haven't seen this many ever... 57 in less than 3 hours. I'll keep an eye on this issue and report it separately if I need to.
Paul
Details about the intrusion alert:
Message........: WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt
Details........: Snort ::
Time...........: 2011:05:31-14:34:55
Packet dropped.: yes
Priority.......: 1high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: $SRC_IP $SRC_HOST
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
$SRC_PORT
Destination IP address: $DST_IP $DST_HOST
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
$DST_PORT
Guest User!
You are not Sophos Staff.
