Netgate Discussion Forum

    Snort alert: need some help to interpret the data correctly

    pfSense Packages
    3 Posts 2 Posters 2.9k Views
      stormeporm

      I have this alert in Snort and I'm not sure if there is an infected computer on our network or a malicious site was visited. Could someone help me interpret the data correctly? Thanks in advance!

      188.203.188.129 is our WAN address

      12/04-06:00:45 2 TCP Potentially Bad Traffic 188.203.188.129 6384 208.88.225.149 80 1:2014543:1 ET CURRENT_EVENTS TDS Sutra - request in.cgi
      12/04-06:00:45 1 TCP A Network Trojan was Detected 208.88.225.149 80 188.203.188.129 33983 1:2014611:1 ET CURRENT_EVENTS TDS Sutra - cookie set RULEZ
      12/04-06:00:45 2 TCP Potentially Bad Traffic 208.88.225.149 80 188.203.188.129 33983 1:2014546:4 ET CURRENT_EVENTS TDS Sutra - HTTP header redirecting to a SutraTDS
      12/04-06:00:45 2 TCP Potentially Bad Traffic 208.88.225.149 80 188.203.188.129 33983 1:2014545:2 ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
      12/04-06:00:45 2 TCP Potentially Bad Traffic 188.203.188.129 33983 208.88.225.149 80 1:2014543:1 ET CURRENT_EVENTS TDS Sutra - request in.cgi

        moh10ly

        It could be that someone in your network has visited a malicious website and that's why it's reporting the IP address on port 80 (HTTP).
        Are you the webhost or the user?

        Power is Knowledge.

          stormeporm

          It's a normal home network at my parents' house.
          So someone probably visited a shady website?
          I just wanted to make sure that it's not a PC that is infected with malware.
          My dad is really gifted in getting malware/viruses on his PC.

          Thanks again

          1 Reply Last reply Reply Quote 0
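
Added example, not part of the original posts: a Python sketch that parses the five alert rows from the first post and groups them by connection and by direction relative to the WAN address given there. The column layout is inferred from those rows and the function names are assumptions; the parser also accepts rows pasted with the alert tab's button text ("Delete", "[click to add to suppress list]") still in them.

```python
import re
from collections import defaultdict

WAN_IP = "188.203.188.129"  # WAN address as stated in the first post
# The five alert rows from the first post, GUI button text stripped.
ALERTS = """\
12/04-06:00:45 2 TCP Potentially Bad Traffic 188.203.188.129 6384 208.88.225.149 80 1:2014543:1 ET CURRENT_EVENTS TDS Sutra - request in.cgi
12/04-06:00:45 1 TCP A Network Trojan was Detected 208.88.225.149 80 188.203.188.129 33983 1:2014611:1 ET CURRENT_EVENTS TDS Sutra - cookie set RULEZ
12/04-06:00:45 2 TCP Potentially Bad Traffic 208.88.225.149 80 188.203.188.129 33983 1:2014546:4 ET CURRENT_EVENTS TDS Sutra - HTTP header redirecting to a SutraTDS
12/04-06:00:45 2 TCP Potentially Bad Traffic 208.88.225.149 80 188.203.188.129 33983 1:2014545:2 ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
12/04-06:00:45 2 TCP Potentially Bad Traffic 188.203.188.129 33983 208.88.225.149 80 1:2014543:1 ET CURRENT_EVENTS TDS Sutra - request in.cgi
"""

IP = r"\d+\.\d+\.\d+\.\d+"
# Assumed columns: time, priority, proto, class, src, sport, dst, dport,
# gid:sid:rev, message. Optional groups absorb pasted button text.
ROW = re.compile(
    rf"(?P<ts>\S+) (?P<pri>\d+) (?P<proto>\S+) (?P<cls>.+?) "
    rf"(?P<src>{IP})(?: Delete)? (?P<sport>\d+) "
    rf"(?P<dst>{IP})(?: Delete)? (?P<dport>\d+) (?P<sid>\d+:\d+:\d+) "
    rf"(?:\[click to add to suppress list\] )?(?P<msg>.+)")

def parse(line):
    """Return the row's fields as a dict, or None if it is not an alert row."""
    m = ROW.fullmatch(line.strip())
    return m.groupdict() if m else None

def flows(text, wan_ip=WAN_IP):
    """Group rows by connection, keyed (wan_port, remote_ip, remote_port)."""
    out = defaultdict(list)
    for row in filter(None, map(parse, text.splitlines())):
        if row["src"] == wan_ip:      # traffic leaving through the WAN address
            key = (int(row["sport"]), row["dst"], int(row["dport"]))
            out[key].append(("outbound", row["sid"], row["msg"]))
        elif row["dst"] == wan_ip:    # reply traffic coming back to it
            key = (int(row["dport"]), row["src"], int(row["sport"]))
            out[key].append(("inbound", row["sid"], row["msg"]))
    return dict(out)

def triage(text, wan_ip=WAN_IP):
    """One summary per connection: alert counts per direction and rule IDs."""
    report = []
    for (wan_port, remote, rport), rows in flows(text, wan_ip).items():
        dirs = [d for d, _, _ in rows]
        report.append({"wan_port": wan_port, "remote": f"{remote}:{rport}",
                       "outbound": dirs.count("outbound"),
                       "inbound": dirs.count("inbound"),
                       "sids": sorted({s for _, s, _ in rows})})
    return report

if __name__ == "__main__":
    for entry in triage(ALERTS):
        print(entry)
```

The rows fall into two connections from the WAN address (source ports 6384 and 33983) to 208.88.225.149:80, with the request rule firing outbound and the cookie and redirect rules firing on the replies. Every row carries the WAN address, so the rows alone do not show which machine behind it made the requests.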
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.