[Snort-users] ...supposed to take this serious...?

Jan Muenther jan at ...206...
Fri Aug 4 07:41:54 EDT 2000


Hello folks,
I found these in my snort.alert:

[**] IDS254 - DDoS shaft client to handler [**]
08/04-11:26:52.985637 212.227.109.138:443 -> 62.165.1.130:20432
TCP TTL:53 TOS:0x0 ID:65264  DF
*****PA* Seq: 0x63FD8DD9   Ack: 0xC1A80610   Win: 0x7D78

[**] IDS254 - DDoS shaft client to handler [**]
08/04-11:26:53.000024 212.227.109.138:443 -> 62.165.1.130:20432
TCP TTL:53 TOS:0x0 ID:65265  DF
*****PA* Seq: 0x63FD938D   Ack: 0xC1A80610   Win: 0x7D78

...and a couple more...

Am I supposed to take this seriously??? I (=my integrity checkers)
haven't noticed any changes on any host and I think 443 could be
usual https traffic...

So, what do you think...?

Bye, Jan
-- 
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther at ...206...
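
A triage sketch for the two alerts quoted above, added here as an example and not part of the original post or of Snort: it parses the alert text, groups it by flow, and checks whether the packets look like mid-stream data coming back from a service port. The function names and the `service_port_max` threshold of 1023 are assumptions made for this example.

```python
import re
from collections import defaultdict

# The two alerts quoted in the post, embedded so the example runs offline.
SAMPLE = """\
[**] IDS254 - DDoS shaft client to handler [**]
08/04-11:26:52.985637 212.227.109.138:443 -> 62.165.1.130:20432
TCP TTL:53 TOS:0x0 ID:65264  DF
*****PA* Seq: 0x63FD8DD9   Ack: 0xC1A80610   Win: 0x7D78

[**] IDS254 - DDoS shaft client to handler [**]
08/04-11:26:53.000024 212.227.109.138:443 -> 62.165.1.130:20432
TCP TTL:53 TOS:0x0 ID:65265  DF
*****PA* Seq: 0x63FD938D   Ack: 0xC1A80610   Win: 0x7D78
"""

ALERT_RE = re.compile(
    r"\[\*\*\] (?P<msg>.+?) \[\*\*\]\n"
    r"\S+ (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\n"
    r"\w+ TTL:\d+ .*\n"
    r"(?P<flags>[\w*]{8}) Seq: (?P<seq>0x[0-9A-Fa-f]+)\s+Ack: (?P<ack>0x[0-9A-Fa-f]+)"
)

def parse_alerts(text):
    """Return one dict per alert; ports and TCP numbers become integers."""
    alerts = []
    for m in ALERT_RE.finditer(text):
        a = m.groupdict()
        a.update(sport=int(a["sport"]), dport=int(a["dport"]),
                 seq=int(a["seq"], 16), ack=int(a["ack"], 16))
        alerts.append(a)
    return alerts

def triage(text, service_port_max=1023):
    """Group alerts by flow and describe each flow's TCP behaviour."""
    flows = defaultdict(list)
    for a in parse_alerts(text):
        flows[(a["src"], a["sport"], a["dst"], a["dport"])].append(a)
    report = {}
    for key, pkts in flows.items():
        seqs = [p["seq"] for p in pkts]
        report[key] = {
            "alerts": len(pkts),
            # Service source port, ACK set, no SYN: data inside an open connection.
            "reply_like": key[1] <= service_port_max < key[3] and all(
                "A" in p["flags"] and "S" not in p["flags"] for p in pkts),
            "same_ack": len({p["ack"] for p in pkts}) == 1,
            "seq_deltas": [(b - a) % 2**32 for a, b in zip(seqs, seqs[1:])],
        }
    return report
```

On the two quoted alerts it reports one flow from port 443 with ACK set and no SYN, an unchanged Ack value, and a Seq advance of 1460 bytes, which is what back-to-back full-size segments of one established connection look like. It is a heuristic for prioritising review, not proof either way.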