Snort mailing list archives
AW: Rules question
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Thu, 14 Feb 2002 10:21:26 +0100
Seems that someone did the command id which results that she/he has uid 0 which in turn is root. I would strongly suggest investigating this incident further! Servus, Sandro
-----Ursprüngliche Nachricht----- Von: Bastian Ballmann [mailto:ballmann () co-de de] Gesendet: Donnerstag, 14. Februar 2002 10:08 An: snort-users () lists sourceforge net Betreff: [Snort-users] Rules question Hi @ll!!! =) Could anyone explain to me what this log entry should tell me? "ATTACK RESPONSES id check returned root [Classification: Potentially Bad Traffic Priority: 2]" Thanks in advance! Greets Bastian Ballmann -- Rosige Zeiten erwarten Sie - auf der CeBIT 2002 vom 13.03 bis 20.03.2002, Halle 6, Block D52, Stand 271. Wir freuen uns auf Ihren Besuch _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: Rules question Poppi, Sandro (Feb 14)