[Snort-users] Scanning for trojans..sure ya are!
drsuse at ...748...
Mon Nov 20 11:17:07 EST 2000
Well, I was just sitting here minding my own business and trying to
cybersex0r the large ladies of irc when I decided to check my Snort
Well, look at that, someone was attempting to relay mail...hmm, I wonder
what this IP resolves to. UH OH....securityscan.sec.rr.com Damn, now
they know I'm running a web and mail server which I don't think I'm
supposed to be doing.
Since securityscan.sec.rr.com is now my enemy I need to research it and
find all I can. A Dogpile search directs me to
The page informs me that this is a script that is helpful in that it scans
the rr.com network for hosts that are infected with viruses and trojan
horses and running server (nntp, ftp..etc) on my computer. Hmm, I wonder
why it didn't set off any other Snort alerts for any of the trojan probes.
Sounds like B.S. on the part of rr.com and I think it's time to dump this
Linksys router and set up that firewall I've been meaning to build so that
I can block all rr.com traffic.
I just thought this was funny since I know for a fact that Snort using
vision.conf detects trojan probes because in the last few days I've gotten
a bunch of SubSeven probes and none of them were from
"Microsoft is not installed"