What is "MALWARE-OTHER Double HTTP Server declared" IDS alert?
have you checked snort website for info?
Hi Pondus,
My best guess is botnet related cat. other malware, Particularly for Bancos outward connection. We now, my friend Pondus, that Bancos detection wasn’t avast!'s strongest side, as Tech has reported on many occasions. Hope that situation now has improved…
polonus
system
5
If you look at a packet it shows two server headers. In this one at least there is an Apache Server and a nginx server.
…E…+…@.o./iYu…
'.-.P.P!.?..E.P…Hs…HTTP/1.1 200
Server: Apache
Content-Length: 229
Content-Type:
Last-Modified: …, 01 … 2013 23:06:45 GMT
Accept-Ranges: bytes
Server:nginx/1.2.6
Date:Thu, 01 Aug 2013 13:06:44 GMT
Last-Modified:Thu, 01 Aug 2013 13:06:45 GMT
Accept-Ranges:bytes