[Snort-sigs] Signature Definition #1760 , 19 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 10:49:02 EDT 2003


 Rule: -- OTHER-IDS ISS RealSecure 6 event collector connection attempt 
 Sid: -- 1760 
 Summary: -- This string detects Connections from The RealSecure 6 IDS
connecting with the issDaemon on remote boxes.
 Impact: -- Unauthroized IDS
 Detailed Information: -- This can show outbound connections to the
issDaemon from the RealSecure Console.  
 Affected Systems: -- Any OS that has the issDaemon installed on the
network.
 Attack Scenarios: -- Slim 
 Ease of Attack: -- Unknown
 False Positives: -- Unknown
 False Negatives: -- Unknown
 Corrective Action: -- Locate and Uninstall all unauthroized RealSecure or
issDaemon clients on the network.
 Contributors: -- Joel Esler
 Additional References: 

 




More information about the Snort-sigs mailing list