Snort mailing list archives
id check returned root ?!?!
From: "Michael D. Schleif" <mds () helices org>
Date: Sat, 28 Jun 2003 10:20:29 -0500
I am fairly new to snort, and I've just begun analyzing my logs. I have my home office network, from which I am writing this post, that is NAT'ed behind an ipchains firewall. This system is: 192.168.123.150 I also have a web/email server hosted by tera-byte.com: 216.234.189.108 Last week I received several of these: 4 216.234.189.108 192.168.123.150 ATTACK RESPONSES id check returned root Now, I have come to realize that this is a dangerous situation. I run chkrootkit daily and have _nothing_ to report. What should I do? -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --
Attachment:
_bin
Description:
Current thread:
- id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! MH (Jun 28)
- Re: id check returned root ?!?! james (Jun 28)
- Re: id check returned root ?!?! Nicholas Delo (Jun 28)
- Re: id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! Frank Knobbe (Jun 28)
- Re: id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! Erek Adams (Jun 28)
- Re: id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! Erek Adams (Jun 28)
- Re: id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! MH (Jun 28)