Snort mailing list archives

Previous By Date Next
Previous By Thread Next

My Snort IDS Sensor Detected Nessus Vulnerability Scan

From: Teo En Ming <teo.en.ming () gmail com>
Date: Sat, 19 Apr 2014 03:24:17 +0800
Hi,

My Snort IDS sensor detected nessus vulnerability scan. The nessus
vulnerability scan was launched from WAN outside of HOME_NET. However, the
alerts generated were few. It seems that Snort rules are not comprehensive
enough.

Here are the alerts:

04/19-02:54:23.361505  [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin
interface access attempt [**] [Classification: Potential Corporate Privacy
Violation] [Priority: 1] {TCP} 171.207.15.38:50619 -> 192.168.1.146:80
04/19-02:54:24.940222  [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin
interface access attempt [**] [Classification: Potential Corporate Privacy
Violation] [Priority: 1] {TCP} 171.207.15.38:50631 -> 192.168.1.147:80
04/19-02:56:13.080227  [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin
interface access attempt [**] [Classification: Potential Corporate Privacy
Violation] [Priority: 1] {TCP} 171.207.15.38:53504 -> 192.168.1.146:80
04/19-02:56:19.700298  [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin
interface access attempt [**] [Classification: Potential Corporate Privacy
Violation] [Priority: 1] {TCP} 171.207.15.38:53644 -> 192.168.1.147:80
04/19-02:56:50.601653  [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin
interface access attempt [**] [Classification: Potential Corporate Privacy
Violation] [Priority: 1] {TCP} 171.207.15.38:54289 -> 192.168.1.146:80
04/19-02:56:52.220320  [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin
interface access attempt [**] [Classification: Potential Corporate Privacy
Violation] [Priority: 1] {TCP} 171.207.15.38:54304 -> 192.168.1.147:80
04/19-02:57:02.961654  [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin
interface access attempt [**] [Classification: Potential Corporate Privacy
Violation] [Priority: 1] {TCP} 171.207.15.38:54605 -> 192.168.1.146:80
04/19-02:57:04.180442  [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin
interface access attempt [**] [Classification: Potential Corporate Privacy
Violation] [Priority: 1] {TCP} 171.207.15.38:54615 -> 192.168.1.147:80
04/19-02:57:21.921667  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
include attempt [**] [Classification: Attempted Administrator Privilege
Gain] [Priority: 1] {TCP} 171.207.15.38:55062 -> 192.168.1.146:80
04/19-02:57:23.962694  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
include attempt [**] [Classification: Attempted Administrator Privilege
Gain] [Priority: 1] {TCP} 171.207.15.38:55145 -> 192.168.1.147:80

Please note that Snort cannot detect nmap scan.

Thank you.

Regards,

Teo En Ming

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: