Snort mailing list archives
My Snort IDS Sensor Detected Nessus Vulnerability Scan
From: Teo En Ming <teo.en.ming () gmail com>
Date: Sat, 19 Apr 2014 03:24:17 +0800
Hi, My Snort IDS sensor detected nessus vulnerability scan. The nessus vulnerability scan was launched from WAN outside of HOME_NET. However, the alerts generated were few. It seems that Snort rules are not comprehensive enough. Here are the alerts: 04/19-02:54:23.361505 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:50619 -> 192.168.1.146:80 04/19-02:54:24.940222 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:50631 -> 192.168.1.147:80 04/19-02:56:13.080227 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:53504 -> 192.168.1.146:80 04/19-02:56:19.700298 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:53644 -> 192.168.1.147:80 04/19-02:56:50.601653 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:54289 -> 192.168.1.146:80 04/19-02:56:52.220320 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:54304 -> 192.168.1.147:80 04/19-02:57:02.961654 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:54605 -> 192.168.1.146:80 04/19-02:57:04.180442 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:54615 -> 192.168.1.147:80 04/19-02:57:21.921667 [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file include attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.15.38:55062 -> 192.168.1.146:80 04/19-02:57:23.962694 [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file include attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.15.38:55145 -> 192.168.1.147:80 Please note that Snort cannot detect nmap scan. Thank you. Regards, Teo En Ming
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- My Snort IDS Sensor Detected Nessus Vulnerability Scan Teo En Ming (Apr 18)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Eric G (Apr 18)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Teo En Ming (Apr 19)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan waldo kitty (Apr 19)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Teo En Ming (Apr 19)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Joel Esler (jesler) (Apr 18)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Kevin Ross (Apr 19)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Eric G (Apr 18)