Hi,
I am experiencing a lot of outbound traffic from my internal network which is filtered by Snort.
These are the descriptions:
DOUBLE DECODING ATTACK
OVERSIZE REQUEST-URI DIRECTORY
TCP Portscan (from my Linux server!)
I even get some attacks from my provider's modem?! That is on the Internet side of my network . . . Strange, strange . . .
I looked around on the Internet but I could not find an explanation of what this is. I saw a lot of technical jargon, which I don't understand. Can someone tell me in Dummy speak what these alerts are?
It is outbound traffic, targeted at several IP addresses. I have installed Spybot Search and Destroy on the Windows machines. I have scanned all Windows machines with runscanner.exe (www.runscanner.com). I have scanned my server for rootkits (rkhunter). I have deleted all potential bad programs on the Windows XP machines (found nothing on the Linux server), but I still get the alerts.
Is it a real alert, or is it a false alarm?
Thanks for your help!