Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ATTACK-RESPONSES id check returned root

From: cc <cc () belfordhk com>
Date: Sat, 22 Oct 2005 14:17:06 +0800
Chris Romano sighed and wrote::


I came in this moring and checked my snort alerts (morning routine), and
noticed the following:

ATTACK-RESPONSES id check returned root 2005-10-21 07:40:32
82.165.25.125:80<http://82.165.25.125:80>
10.10.10.5:51949 <http://10.10.10.5:51949> TCP



This is very interesting.  Snort tagged your message with the same
exact alert, but this time it was through port 25 (SMTP).  At first,
I freaked when I saw that on BASE.  Then I checked the payload and
got worried.

However, looking at the port, and noticing it was 25, and finding
it in my email, I sighed a relief.  :)

Edmund


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: