Hi everyone Receiving this from the snort can someone explain what the hell is going on I have and ADSL connection on eth1 with dhcp assigned Ip and the lan is on eth0 I am running the snort with -i eth1 as the Daemon with snort-lin defining the HOME_NET 192.168.1.0/24 and EXTERNAL_NET as 212.xxx.xxx.0/22 as outlined with the ifconfig eberything else is left as is. Help is appreciated Mar 27 18:11:49 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61018 -> 195.44.254.18:80 Mar 27 18:12:00 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61019 -> 207.200.86.65:80 Mar 27 18:12:00 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61019 -> 207.200.86.65:80 Mar 27 18:12:02 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61020 -> 207.200.86.65:80 Mar 27 18:12:02 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61020 -> 207.200.86.65:80 Mar 27 18:12:03 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61019 -> 207.200.86.65:80 Mar 27 18:12:08 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61020 -> 207.200.86.65:80 Mar 27 18:12:08 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61020 -> 207.200.86.65:80 Mar 27 18:12:10 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61021 -> 205.188.245.116:80 Mar 27 18:12:10 gardiyan snort: spp_http_decode: IIS Unicode attack detected: 212.xxx.xxx.xxx:61021 -> 205.188.245.116:80 -- Togan Muftuoglu --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com