[Dshield] Need help with this pattern

Clint Byrum cbyrum at erp.com
Thu Oct 25 17:11:57 GMT 2001


Any way you can paste that info in a more internet-friendly manner? My 
mozilla mail running on Linux has no clue what an OLE_Obj is.

Chan, Stephen (TIS, Singapore) wrote:

>Hi people, this is an excerpt of a Snort log I have placed outside my
>firewall. 
>
> <<...OLE_Obj...>> 
>
>It seems to be a bunch of spoofed source IP hitting my IDS host
>(aa.bb.cc.dd). The actual trace runs over 3 days! with similar patterns. Has
>anyone else seen anything like this? Or do you need more information?
>
>
>_______________________________________________
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: http://www1.dshield.org/mailman/listinfo/dshield
>





More information about the list mailing list