Security Incidents mailing list archives
New to this and need help plz!!
From: "Robert J. Wright" <rjw1150 () NEO LRUN COM>
Date: Wed, 27 Dec 2000 22:13:52 -0500
Hello all those who read this. Im kinda in a small problem. Heres whats kinda going on. Im 18 year old, network administrator assistant. I finally got an IDS system (snort) installed onto my network at work, after alot of argument with management, You guys probally know what im talking about. Well the system has only been up for about 24 hours now, and well It picked somthing up. [**] IDS292 - WEB FRONTPAGE - Frontpage-shtml.dll [**] 12/27-06:46:04.461674 xxx.xxx.xxx.xxx:48731-> xxx.xxx.xxx.xxx:80 TCP TTL:244 TOS:0x0 ID:4692 DF *****PA* Seq: 0xC621C4EA Ack: 0x243699 Win: 0x2238 I have recieved a total of 27 of these from that one source, going to my webserver. No kidding eh being port 80 =] Now from my understanding this can be legit traffic. Now i dns'd the ip and its a large consulting/industry company. I checked out with a sales rep and we do sell products to this company. However from what i read from Whitehats.com i dont see a reason why this should happen from a customer. So i really dont know how to address this. Can someone please help me out? Should i contact the network administrator from that company about this? Thank you, Bob Wright
Current thread:
- New to this and need help plz!! Robert J. Wright (Dec 27)
- Re: New to this and need help plz!! Jeff (Dec 28)
- Re: New to this and need help plz!! Blake R. Swopes (Dec 28)
- <Possible follow-ups>
- Re: New to this and need help plz!! Dave Woods (Dec 28)