Listing 2. Common Snort Alerts
[**] spp_http_decode: IIS Unicode attack detected [**]
03/07-11:10:40.910903 192.168.0.1:3607 -> 192.168.1.2:80
TCP TTL:249 TOS:0x0 ID:22898 IpLen:20 DgmLen:1022 DF
***AP*** Seq: 0x552997B8 Ack: 0xE39D7CB1 Win: 0x4470 TcpLen: 20
[**] IDS198/SYN FIN Scan [**]
03/13-01:38:45.254726 192.168.1.3:53 -> 192.168.0.1:53
TCP TTL:23 TOS:0x0 ID:39426 IpLen:20 DgmLen:40
******SF Seq: 0x4D622A79 Ack: 0x7EEF29AF Win: 0x404 TcpLen: 20
03/15-19:36:23.468056
[**] spp_portscan: PORTSCAN DETECTED from 192.168.2.25 (THRESHOLD 3
connections exceeded in 4 seconds) [**]
03/15-19:36:39.561360
[**] spp_portscan: portscan status from 192.168.3.25: 5 connections
across 1
hosts: TCP(0), UDP(5) [**]
Copyright © 1994 - 2018 Linux Journal. All rights reserved.
