Hi,
My outgoing traffic is very high (192 Kbit at upstream with 192 KBit).
In the IPS log I have found the following messages:
2006:08:25-09:32:08 (none) snort[858]: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {PROTO006} 84.162.205.50:39426 -> 208.67.66.11:80
2006:08:25-09:32:09 (none) snort[858]: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {PROTO006} 84.162.205.50:39356 -> 212.23.33.23:80
2006:08:25-09:35:35 (none) snort[858]: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {PROTO006} 84.162.205.50:39670 -> 208.67.66.11:80
2006:08:25-09:35:36 (none) snort[858]: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {PROTO006} 84.162.205.50:39356 -> 212.23.33.23:80
2006:08:25-09:35:40 (none) snort[858]: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {PROTO006} 84.162.205.50:39685 -> 208.67.66.11:80
2006:08:25-09:35:41 (none) snort[858]: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {PROTO006} 84.162.205.50:39356 -> 212.23.33.23:80
My System: Astaro 5.2x
The IP 84.162.205.50 is my own address.
Can someone explain what this message means?
Did someone attack me, or do I have a problem with my configuration?
ananda