Snort mailing list archives
Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 18 Apr 2014 20:47:01 +0000
Probably because A) you're behind a firewall B) you're running Nessus. A scanner. Not an exploitation tool. It's not testing to see if something is vulnerable, it's scanning for the potential of the vulnerability C) you've already asked this question and multiple people have answered it. Please read documentation and test Snort. Obviously it's working fine according to the other emails you've sent. I'm receiving complaints about your emails, the frequently and the content. Please check into the documentation. -- Joel Esler Sent from my iPhone On Apr 18, 2014, at 15:29, "Teo En Ming" <teo.en.ming () gmail com<mailto:teo.en.ming () gmail com>> wrote: Hi, My Snort IDS sensor detected nessus vulnerability scan. The nessus vulnerability scan was launched from WAN outside of HOME_NET. However, the alerts generated were few. It seems that Snort rules are not comprehensive enough. Here are the alerts: 04/19-02:54:23.361505 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:50619<http://171.207.15.38:50619> -> 192.168.1.146:80<http://192.168.1.146:80> 04/19-02:54:24.940222 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:50631<http://171.207.15.38:50631> -> 192.168.1.147:80<http://192.168.1.147:80> 04/19-02:56:13.080227 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:53504<http://171.207.15.38:53504> -> 192.168.1.146:80<http://192.168.1.146:80> 04/19-02:56:19.700298 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:53644<http://171.207.15.38:53644> -> 192.168.1.147:80<http://192.168.1.147:80> 04/19-02:56:50.601653 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:54289<http://171.207.15.38:54289> -> 192.168.1.146:80<http://192.168.1.146:80> 04/19-02:56:52.220320 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:54304<http://171.207.15.38:54304> -> 192.168.1.147:80<http://192.168.1.147:80> 04/19-02:57:02.961654 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:54605<http://171.207.15.38:54605> -> 192.168.1.146:80<http://192.168.1.146:80> 04/19-02:57:04.180442 [**] [1:25975:2] POLICY-OTHER Adobe ColdFusion admin interface access attempt [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 171.207.15.38:54615<http://171.207.15.38:54615> -> 192.168.1.147:80<http://192.168.1.147:80> 04/19-02:57:21.921667 [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file include attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.15.38:55062<http://171.207.15.38:55062> -> 192.168.1.146:80<http://192.168.1.146:80> 04/19-02:57:23.962694 [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file include attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.15.38:55145<http://171.207.15.38:55145> -> 192.168.1.147:80<http://192.168.1.147:80> Please note that Snort cannot detect nmap scan. Thank you. Regards, Teo En Ming ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- My Snort IDS Sensor Detected Nessus Vulnerability Scan Teo En Ming (Apr 18)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Eric G (Apr 18)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Teo En Ming (Apr 19)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan waldo kitty (Apr 19)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Teo En Ming (Apr 19)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Joel Esler (jesler) (Apr 18)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Kevin Ross (Apr 19)
- Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan Eric G (Apr 18)