Snort mailing list archives
Should I worry??
From: "Anthony Scott" <ascott () triadfoodsgroup com>
Date: Tue, 25 Jun 2002 11:41:36 -0500
Received this alert from Snort: [**] [1:1227:2] <http://hqbb/snort/sig/sigsid-1227.html> X11 outbound client connection detected [**] [Classification: Misc activity] [Priority: 3] 06/24-10:37:44.575620 <http://hqbb/snort/192/168/1/src192.168.1.18.html> 192.168.1.18: <http://www.portsdb.org/bin/portsdb.cgi?portnumber=6000&protocol=TCP> 6000 -> <http://hqbb/snort/192/168/1/dest192.168.1.225.html> 192.168.1.225: <http://www.portsdb.org/bin/portsdb.cgi?portnumber=1984&protocol=TCP> 1984 TCP TTL:128 TOS:0x0 ID:12364 IpLen:20 DgmLen:40 DF ***A**** Seq: 0x36B34774 Ack: 0x498A1D12 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS126] .18 is an Exchange server. This is , of course, an internal IP address. However it does have a public IP address. .225 is the Snort/Big Brother server. It only has the internal address. Thanks anthony scott, workstation administrator
Current thread:
- Should I worry?? Anthony Scott (Jun 25)
- Re: Should I worry?? Chris Adams (Jun 25)