[Dshield] Need help with this pattern

Tom Laermans tom.laermans at powersource.cx
Thu Oct 25 18:44:43 GMT 2001


At 19:11 25/10/2001, you wrote:
>Any way you can paste that info in a more internet-friendly manner? My 
>mozilla mail running on Linux has no clue what an OLE_Obj is.


Actually, that was the raw text he sent, like it is below.
(At least, that's what I'm seeing in Eudora/Win32)


>Chan, Stephen (TIS, Singapore) wrote:
>
>>Hi people, this is an excerpt of a Snort log I have placed outside my
>>firewall.
>><<...OLE_Obj...>>
>>It seems to be a bunch of spoofed source IP hitting my IDS host
>>(aa.bb.cc.dd). The actual trace runs over 3 days! with similar patterns. Has
>>anyone else seen anything like this? Or do you need more information?

Tom
http://www.powersource.cx
http://eggies.powersource.cx
http://forum.powersource.cx




More information about the list mailing list