Snort mailing list archives

Re: help!


From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 19 Apr 2002 10:20:49 -0700 (PDT)

On Sat, 20 Apr 2002, [gb2312] ?? ???? wrote:

Thanks for your attention! But I really need the complete documents about
the classtype of snort. I hope you can help me! Just as "attempted-admin",
description is "Attempted Administrator Privilege Gain", I need more
information. Thanks again!!

Well, it simply means that it appears that someone tried to gain
'administrator level' (root, Administrator on Win*, etc) via some form of an
attack.  You as the analyst must examine the logged packet(s) and see if that
is true or not.

Keep in mind that there do exist 'false positives' and you can't always rely
on what the alerts say.  You _HAVE_ to look at the packets and make that
decision yourself.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

