Snort mailing list archives
Re: ATTACK-RESPONSES id check returned root
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 21 Oct 2005 13:34:54 -0400
Chris Romano wrote:
I came in this moring and checked my snort alerts (morning routine), and noticed the following: ATTACK-RESPONSES id check returned root 2005-10-21 07:40:32 82.165.25.125:80 <http://82.165.25.125:80> 10.10.10.5:51949 <http://10.10.10.5:51949> TCP
Upon closer inspection, I'm *positive* that was matching someone reading a website. All that exact text is posted in a Phrack issue to be exact. One (of many) places with it: http://www.nata2.info/?path=misc/phrack/phrack58&text=p58-0x07.txt ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ATTACK-RESPONSES id check returned root Chris Romano (Oct 21)
- Re: ATTACK-RESPONSES id check returned root Matt Kettler (Oct 21)
- Re: ATTACK-RESPONSES id check returned root Matt Kettler (Oct 21)
- Re: ATTACK-RESPONSES id check returned root Patrick Walsh (Oct 21)
- Re: ATTACK-RESPONSES id check returned root Chris Romano (Oct 21)
- Re: ATTACK-RESPONSES id check returned root cc (Oct 21)
- RE: ATTACK-RESPONSES id check returned root Our World Is Here (Oct 24)
- RE: ATTACK-RESPONSES id check returned root Paul Schmehl (Oct 25)
- RE: ATTACK-RESPONSES id check returned root Our World Is Here (Oct 26)
- RE: ATTACK-RESPONSES id check returned root Our World Is Here (Oct 24)
- <Possible follow-ups>
- RE: ATTACK-RESPONSES id check returned root Willy, Andrew (Oct 21)