LOG messages

Unanswered Question
Nov 26th, 2008

Can u please tell me what these messeges say?


1) %APPFW-4-HTTP_DEOBFUSCATE: Sig:14 Deobfuscation signature detected - HTTP deobfuscation detected IDS evasion technique from 172.31.0.71:15909 to 4.71.209.4:80

2) %APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected - HTTP Protocol not detected from 172.31.5.148:2901 to 72.30.186.249:80



thank u

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ariesc_33 Wed, 11/26/2008 - 20:13

looks like the attack is coming from the internal network. go check which pc or server is 172.31.0.71 and scan for spyware or worm infection.


for the mean while, you may block this IP to stop it spreading.

Actions

This Discussion