[Dshield] Need help with this pattern

Peter Street peter.street at lazerfx.co.uk
Thu Oct 25 20:47:39 GMT 2001


I agree -- I'm running outlook XP on Windows XP (Which should show any
attachments and such, especially OLE objects, since they are a windows
thing) and I saw that text.

Hope this helps - he might have attempted to do a HTML paste in a text
file, or similar?

Peter Street
Web Developer / Manager
LazerFX Productions
www.lazerfx.co.uk (Under Construction)


-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On
Behalf Of Tom Laermans
Sent: 25 October 2001 19:45
To: dshield at dshield.org
Subject: Re: [Dshield] Need help with this pattern

Actually, that was the raw text he sent, like it is below.
(At least, that's what I'm seeing in Eudora/Win32)


>Chan, Stephen (TIS, Singapore) wrote:
>
>>Hi people, this is an excerpt of a Snort log I have placed outside my
>>firewall.
>><<...OLE_Obj...>>
>>It seems to be a bunch of spoofed source IP hitting my IDS host
>>(aa.bb.cc.dd). The actual trace runs over 3 days! with similar
patterns. Has
>>anyone else seen anything like this? Or do you need more information?




More information about the list mailing list