Snort mailing list archives
RE: ATTACK RESPONSES id check returned root
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Tue, 8 Oct 2002 10:35:35 -0400
Any payload that contains the string "uid=0(root)" will cause this to fire. Most of the times that I've caught it, it's been because someone visited a web site with some type of UNIX tutorial, handbook, etc. That's generally the first thing that you want to look for.
-----Original Message-----
From: Dallas Jordan [mailto:DJordan () sawgrassink com]
Sent: Tuesday, October 08, 2002 10:11 AM
To: 'Snort-Users (E-mail)
Subject: [Snort-users] ATTACK RESPONSES id check returned root

Does anyone know what could possibly set this alert off? I have checked Google and didn't come up with anything specific. I have gotten a couple of these this morning and was just wondering what I should be on the lookout for.

Thanks for any suggestions.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
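The behaviour described in the reply above, as an added example that is not part of the original thread or of Snort itself: the alert is a plain substring match on "uid=0(root)", so a triage helper can separate a web page that merely quotes the string from a payload that is nothing but `id` output. The triage labels, the regular expressions and the sample payloads are assumptions constructed for illustration.

```python
import re

SIGNATURE = b"uid=0(root)"  # the string the reply says makes the alert fire

# Assumption: bare `id` output is one short line with uid= and gid= fields.
ID_OUTPUT = re.compile(rb"^\s*uid=0\(root\) gid=\d+\([^)]*\)[^\r\n<]*\s*$")
# Assumption: these tags are enough to recognise an HTML document body.
HTML_HINT = re.compile(rb"<(html|body|pre|code|p|div|td)\b", re.I)


def rule_fires(payload: bytes) -> bool:
    """Plain substring match, which is why any payload carrying the string alerts."""
    return SIGNATURE in payload


def triage(payload: bytes) -> str:
    """Classify a payload that triggered the alert (labels are hypothetical)."""
    if not rule_fires(payload):
        return "no-alert"
    head, _, body = payload.partition(b"\r\n\r\n")
    is_http_response = head.startswith(b"HTTP/1.")
    html_type = re.search(rb"(?im)^content-type:\s*text/html", head) is not None
    if is_http_response and (html_type or HTML_HINT.search(body)):
        return "likely-document"   # tutorial or handbook page, as in the reply
    if ID_OUTPUT.match(payload):
        return "bare-id-output"    # nothing but command output: look at this first
    return "needs-review"


# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "tutorial": (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 b"<html><body><pre>$ id\nuid=0(root) gid=0(root)</pre></body></html>"),
    "shell": b"uid=0(root) gid=0(root) groups=0(root)\n",
    "mail": b"Subject: notes\r\n\r\nrun id and check for uid=0(root) in the output",
    "clean": b"GET /index.html HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:9s} fires={rule_fires(data)!s:5s} triage={triage(data)}")
```
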
Current thread:
- ATTACK RESPONSES id check returned root Dallas Jordan (Oct 08)
- Re: ATTACK RESPONSES id check returned root Chris Green (Oct 08)
- <Possible follow-ups>
- RE: ATTACK RESPONSES id check returned root McCammon, Keith (Oct 08)
- RE: ATTACK RESPONSES id check returned root Metz, Tim (Oct 08)
- RE: ATTACK RESPONSES id check returned root Semerjian, Ohanes (Oct 08)