Snort mailing list archives
Re: ATTACK-RESPONSES id check returned root
From: cc <cc () belfordhk com>
Date: Sat, 22 Oct 2005 14:17:06 +0800
Chris Romano sighed and wrote::
I came in this moring and checked my snort alerts (morning routine), and noticed the following: ATTACK-RESPONSES id check returned root 2005-10-21 07:40:32 82.165.25.125:80<http://82.165.25.125:80> 10.10.10.5:51949 <http://10.10.10.5:51949> TCP
This is very interesting. Snort tagged your message with the same exact alert, but this time it was through port 25 (SMTP). At first, I freaked when I saw that on BASE. Then I checked the payload and got worried. However, looking at the port, and noticing it was 25, and finding it in my email, I sighed a relief. :) Edmund ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ATTACK-RESPONSES id check returned root Chris Romano (Oct 21)
- Re: ATTACK-RESPONSES id check returned root Matt Kettler (Oct 21)
- Re: ATTACK-RESPONSES id check returned root Matt Kettler (Oct 21)
- Re: ATTACK-RESPONSES id check returned root Patrick Walsh (Oct 21)
- Re: ATTACK-RESPONSES id check returned root Chris Romano (Oct 21)
- Re: ATTACK-RESPONSES id check returned root cc (Oct 21)
- RE: ATTACK-RESPONSES id check returned root Our World Is Here (Oct 24)
- RE: ATTACK-RESPONSES id check returned root Paul Schmehl (Oct 25)
- RE: ATTACK-RESPONSES id check returned root Our World Is Here (Oct 26)
- RE: ATTACK-RESPONSES id check returned root Our World Is Here (Oct 24)
- <Possible follow-ups>
- RE: ATTACK-RESPONSES id check returned root Willy, Andrew (Oct 21)