Snort mailing list archives
ATTACK-RESPONSES id check returned root
From: "Romano, Chris" <CRomano () AtlasBD com>
Date: Tue, 30 Dec 2003 16:57:51 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just got this alert for our snort sensor. I think that it's a false positive but am not sure how to check and want to see if anyone else has seen this. Both the source and dest. are mail servers. The source is a from a list server that sends a good bit of emails to us and this is the first time that I have seen this alert. The source IP is 131.193.178.160 (stoneport.math.uic.edu - a.mx.cr.yp.to). Any help would be greatly appreciated. Thanks, Chris Romano -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBP/H03gvHK4/UMrUIEQIJCgCg9iVJSHV+lry98BnXLgnk+v8MT9wAnRbN Q3+JYVAeh7qpWDZQC2Ern1GO =eFFD -----END PGP SIGNATURE-----
Current thread:
- ATTACK-RESPONSES id check returned root Romano, Chris (Dec 30)
- Re: ATTACK-RESPONSES id check returned root sam (Dec 30)