Snort mailing list archives
Re: id check returned root ?!?!
From: MH <procana () insight rr com>
Date: Sat, 28 Jun 2003 12:19:12 -0400
Hi Michael,

If you were on a security related site, this is fairly common. If I go to zone-h or some other defacement mirror where part of a defacement has "uid=0(root)", this alarm will fire. Look at your logs for this alert and determine if this is the case.

Hope this helps.

Mike

On Saturday 28 June 2003 11:20 am, Michael D. Schleif wrote:

I am fairly new to snort, and I've just begun analyzing my logs.

I have my home office network, from which I am writing this post, that is NAT'ed behind an ipchains firewall. This system is:

192.168.123.150

I also have a web/email server hosted by tera-byte.com:

216.234.189.108

Last week I received several of these:

4 216.234.189.108 192.168.123.150 ATTACK RESPONSES id check returned root

Now, I have come to realize that this is a dangerous situation. I run chkrootkit daily and have _nothing_ to report.

What should I do?
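An added example, not part of the original messages: a small triage helper for the check the reply suggests, sorting captured payloads that contain "uid=0(root)" into web page content versus traffic that needs a closer look. The port set, the HTML heuristic, the labels and all sample payloads are assumptions constructed for illustration.

```python
import re

SIGNATURE = b"uid=0(root)"      # string the reply says makes the alarm fire
WEB_PORTS = {80, 8080}          # assumption: source ports treated as web servers
HTML_HINT = re.compile(rb"<(html|body|pre|p|div|td|br)\b", re.I)


def triage(src_port, payload):
    """Classify one captured payload by where the signature string appears."""
    if SIGNATURE not in payload:
        return "no-match"
    # Split an HTTP message into header block and body at the blank line.
    head, _, body = payload.partition(b"\r\n\r\n")
    is_http_response = head.startswith(b"HTTP/1.")
    if src_port in WEB_PORTS and is_http_response and HTML_HINT.search(body):
        # String is embedded in an HTML page served to a browser,
        # e.g. a mirrored defacement or a security article.
        return "likely-page-content"
    # Bare command output, mail, or anything else: read the full session.
    return "investigate"


# Constructed samples (source port, payload); none come from the thread.
SAMPLES = [
    (80, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
         b"<html><body><pre>uid=0(root) gid=0(root)</pre></body></html>"),
    (40000, b"uid=0(root) gid=0(root) groups=0(root)\n"),
    (110, b"+OK\r\nSubject: Re: id check returned root\r\n\r\n"
          b"the page contained uid=0(root)\r\n"),
    (80, b"HTTP/1.1 200 OK\r\n\r\n<html><body>hello</body></html>"),
]


def summarize(samples):
    """Return the triage label for each (src_port, payload) sample, in order."""
    return [triage(port, payload) for port, payload in samples]


if __name__ == "__main__":
    for (port, _), label in zip(SAMPLES, summarize(SAMPLES)):
        print(f"src port {port:>5}: {label}")
```

The "likely-page-content" label only orders the review; the request that produced the page still has to be read before the alert is closed.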
Current thread:
- id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! MH (Jun 28)
- Re: id check returned root ?!?! james (Jun 28)
- Re: id check returned root ?!?! Nicholas Delo (Jun 28)
- Re: id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! Frank Knobbe (Jun 28)
- Re: id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! Erek Adams (Jun 28)
- Re: id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! Erek Adams (Jun 28)
- Re: id check returned root ?!?! Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?! MH (Jun 28)