Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Newbie: What does this mean?

From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Tue, 12 Apr 2005 17:06:28 -0400
Why do you believe it is your server which is doing this?
Why not a workstation - some user going to Hotmail?

Bruce

-----Original Message-----
From: John Plate [mailto:plate () ache dk] 
Sent: Tuesday, April 12, 2005 3:58 PM
To: Sean Brown
Cc: Briggs, Bruce; Snort Users
Subject: RE: [Snort-users] Newbie: What does this mean?

Sean Brown wrote:


I have been getting the same entry in my logs with Hotmail/Microsoft
servers being the destination and my public IP as the source. Guess
where 65.54.186.250 points to.

I've just been ignoring it.


Yes - but it could be some Trojan Horse hidden somewhere on the server
making/testing a coordinated attack. 

We still miss the explanation why the traffic seems to come from my
server, right?

I've tried with netstat -l and looked at all active processes, but I
cannot find anything suspicious. 

John


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: