Snort mailing list archives

RE: Rules question


From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Thu, 14 Feb 2002 10:21:26 +0100

Seems that someone ran the command id, with the result that she/he has uid 0,
which in turn is root. I would strongly suggest investigating this incident
further!

Servus,
Sandro

-----Original Message-----
From: Bastian Ballmann [mailto:ballmann () co-de de]
Sent: Thursday, 14 February 2002 10:08
To: snort-users () lists sourceforge net
Subject: [Snort-users] Rules question


Hi @ll!!! =)
Could anyone explain to me what this log entry should tell me?

"ATTACK RESPONSES id check returned root [Classification: Potentially Bad Traffic   Priority: 2]"

Thanks in advance!
Greets

Bastian Ballmann
-- 
Rosy times await you - at CeBIT 2002
from 13.03 to 20.03.2002, Hall 6, Block D52, Stand 271.
We look forward to your visit

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
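
Added example, not part of the original thread and not Snort's own code: a triage sketch for payloads that raised the alert discussed above, separating what looks like real `id` output as root from the bare string appearing in ordinary content. It assumes the rule fires on the literal text uid=0(root) in a packet payload; the helper names and the sample payloads are constructed for illustration.

```python
import re

# Shape of Unix `id` output, e.g. b"uid=0(root) gid=0(root) groups=0(root)".
ID_OUTPUT = re.compile(
    rb"uid=(\d+)\(([^)\s]+)\)(?:[ \t]+gid=(\d+)\(([^)\s]+)\))?"
)

def triage_payload(payload: bytes) -> dict:
    """Hypothetical triage helper for a payload that raised the alert."""
    m = ID_OUTPUT.search(payload)
    if m is None:
        return {"uid": None, "verdict": "no-id-output"}
    uid = int(m.group(1))
    user = m.group(2).decode("ascii", "replace")
    has_gid = m.group(3) is not None
    # Real command output starts a line; quoted text usually sits mid-sentence.
    start = m.start()
    at_line_start = start == 0 or payload[start - 1:start] in (b"\n", b"\r")
    if uid != 0:
        verdict = "id-output-non-root"
    elif has_gid and at_line_start:
        verdict = "investigate-root-id-output"
    else:
        verdict = "review-string-only"
    return {"uid": uid, "user": user, "verdict": verdict}

# Constructed sample payloads (not taken from the thread).
SAMPLES = {
    "shell_reply": b"$ id\nuid=0(root) gid=0(root) groups=0(root)\n",
    "web_page": b"<p>The rule fires on the text uid=0(root) in a packet.</p>",
    "normal_user": b"uid=1000(alice) gid=1000(alice) groups=1000(alice)\n",
    "unrelated": b"GET /index.html HTTP/1.0\r\n\r\n",
}

def triage_all(samples=SAMPLES) -> dict:
    """Return the verdict for each named sample payload."""
    return {name: triage_payload(p)["verdict"] for name, p in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:12} {verdict}")
```

A "review-string-only" verdict still needs a look at the source, destination and surrounding session before the alert is closed.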



