Snort mailing list archives
Re: help!
From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 19 Apr 2002 10:20:49 -0700 (PDT)
On Sat, 20 Apr 2002, [gb2312] ?? ???? wrote:
Thanks for your attention! But I really need the complete documents about the classtype of snort. I hope you can help me! Just as "attempted-admin", description is "Attempted Administrator Privilege Gain", I need more information. Thanks again!!
Well, it simply means that it appears that someone tried to gain 'administrator level' (root, Administrator on Win*, etc) via some form of an attack. You as the analyst must examine the logged packet(s) and see if that is true or not. Keep in mind that there do exist 'false positives' and you can't always rely on what the alerts say. You _HAVE_ to look at the packets and make that decision yourself.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net