Snort alert need some help to interpret the data correct
-
I have this alert in snort and i'm not sure if there is an infected computer on our network or a malicious site was visited. Could someone help me interpret the data correct. Thanx in advance!
188.203.188.129 is our wan adres
12/04-06:00:45 2 TCP Potentially Bad Traffic 188.203.188.129 6384 208.88.225.149 Delete 80 1:2014543:1 [click to add to suppress list] ET CURRENT_EVENTS TDS Sutra - request in.cgi
12/04-06:00:45 1 TCP A Network Trojan was Detected 208.88.225.149 Delete 80 188.203.188.129 33983 1:2014611:1 [click to add to suppress list] ET CURRENT_EVENTS TDS Sutra - cookie set RULEZ
12/04-06:00:45 2 TCP Potentially Bad Traffic 208.88.225.149 Delete 80 188.203.188.129 33983 1:2014546:4 [click to add to suppress list] ET CURRENT_EVENTS TDS Sutra - HTTP header redirecting to a SutraTDS
12/04-06:00:45 2 TCP Potentially Bad Traffic 208.88.225.149 Delete 80 188.203.188.129 33983 1:2014545:2 [click to add to suppress list] ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
12/04-06:00:45 2 TCP Potentially Bad Traffic 188.203.188.129 33983 208.88.225.149 Delete 80 1:2014543:1 [click to add to suppress list] ET CURRENT_EVENTS TDS Sutra - request in.cgi
-
it could be that someone in your network have visited a malicious website and thats why it's reporting the IP address on port 80 (HTTP) ..
Are you the webhost or the user?
-
Its a normal home metwork at my parents house
So some one probably visited a Shady website?
I just wanted to make shure thats its not a pc that is Infected with malware.
My dad is really gifted in getting malware/ virusses on his pc.Thanx again