Snort mailing list archives

Re: Unusual System Events


From: Brian <bmc () snort org>
Date: Thu, 18 Oct 2001 07:58:22 -0400

According to Eduard Meiler:
Hello,

how can I disable these logs from my LAN ?

the real question is, why do you want to?

Oct 18 12:00:18 wall snort: [1:583:1] RPC portmap request rstatd
[Classification: Attempted Information Leak] [Priority: 3]: {UDP}
192.168.200.55:1076 -> 192.168.200.250:111

Oct 18 12:14:50 wall snort: [1:1227:1] X11 outgoing [Classification: Unknown
Traffic] [Priority: 1]: {TCP} 192.168.200.253:6000 -> 192.168.200.55:1116

To an outsider from your network, it looks as if you got hacked via
statd, and they launched an xterm back at themselves.

If not, you could just set your HOME_NET & EXTERNAL_NET properly.

-- 
Save the whales.  Collect the whole set.
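
Added example, not part of the original message or of Snort: a triage helper that parses syslog alerts in the format quoted above and labels each one by direction relative to HOME_NET, to check which alerts are LAN-to-LAN before changing any variables. The HOME_NET value 192.168.200.0/24 and all function names are assumptions; the sample lines are constructed from the two quoted alerts with the wrapped lines rejoined.

```python
import ipaddress
import re

# Constructed sample: the two alerts from the thread, wrapped lines rejoined.
SAMPLE_ALERTS = [
    "Oct 18 12:00:18 wall snort: [1:583:1] RPC portmap request rstatd "
    "[Classification: Attempted Information Leak] [Priority: 3]: {UDP} "
    "192.168.200.55:1076 -> 192.168.200.250:111",
    "Oct 18 12:14:50 wall snort: [1:1227:1] X11 outgoing [Classification: Unknown "
    "Traffic] [Priority: 1]: {TCP} 192.168.200.253:6000 -> 192.168.200.55:1116",
]

# [gid:sid:rev] message [Classification: ...] [Priority: n]: {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"snort: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"\[Classification: .*?\{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "sport", "dport"):
        alert[key] = int(alert[key])
    return alert

def direction(alert, home_net):
    """Label an alert by where its endpoints sit relative to HOME_NET."""
    net = ipaddress.ip_network(home_net)
    src_in = ipaddress.ip_address(alert["src"]) in net
    dst_in = ipaddress.ip_address(alert["dst"]) in net
    if src_in and dst_in:
        return "internal"   # both ends on the LAN
    if src_in:
        return "outbound"
    return "inbound" if dst_in else "external"

def triage(lines, home_net):
    """Return (sid, message, direction) for every line that parses as an alert."""
    alerts = (parse_alert(line) for line in lines)
    return [(a["sid"], a["msg"], direction(a, home_net)) for a in alerts if a]

if __name__ == "__main__":
    # Assumption: the LAN is 192.168.200.0/24; the thread does not state the mask.
    for sid, msg, where in triage(SAMPLE_ALERTS, "192.168.200.0/24"):
        print(f"sid {sid:<5} {where:<9} {msg}")
```

An alert labelled "internal" has both endpoints inside HOME_NET, so it is the kind that depends on how HOME_NET and EXTERNAL_NET are defined; the hosts involved still need checking first, for the reason given in the reply.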
