[Snort-users] current activity from

Dr SuSE drsuse at ...748...
Sat Nov 4 15:03:25 EST 2000

What I usually do is scan the offending machine to see if there are any
ports open that might indicate that the machine has been
compromised.  Ports such as 1080, 31337, 12345, etc. are a good indication
but it doesn't mean the machine has been rooted since they could be
running Back Officer Friendly or Netbus detective which would give a
false positive.
I then email the upper level provider since emailing to root of a possibly
hacked machine wouldn't do much good. 
This is just my .02 cents 


"Microsoft is not installed"

On Sat, 4 Nov 2000, Jerry Shenk wrote:

> I'm currently being scanned by  This is a computer in
> Singapore it seems.  The box has all kinds of ports open....not sure what to
> do in a case like this.  Obviously there's no recourse on a machine in
> Singapore but I'm not sure if it should be reported or what should be
> done.....any ideas?
> --------------------------------------------------------------
> Jerry A. Shenk - MCNE, GIAC certified intrusion analyst
> Sr. Systems Engineer - Computer Networking Services
> D&E Communications, Inc.
> jshenk at ...514... (also jas at ...129...)
> 1-877-433-8632 Fax via efax: (603) 250-1453
> my website: http://jerryslinux.dyndns.org/jas