[Snort-users] IDS244 - Compaq Insight alert

Erik Engberg Erik.Engberg at ...511...
Tue Sep 26 17:31:37 EDT 2000


If I remember correctly a few weeks ago there came a BoF exploit for Compaq
insight manager agents that lets you execute code on the machine so no
wonder people are scanning for the agents. Many have them installed, and few
ever bother to update.

/Erik

-----Original Message-----
From: Doug Lamb [mailto:doug at ...517...]
Sent: den 26 september 2000 21:47
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] IDS244 - Compaq Insight alert


I have snort set up between our company's Internet router and our inside 
firewall.  We've gotten several hits to port 2301 within the firewall 
address pool allocated to our users.  All of these have come from port 80 
on addresses that resolve to different web sites.

IDS244  --  CVE-1999-0771 - Compaq-insight-dot-dot: 208.236.132.47:80 -> 
my.ip.address.here:2301

There seems to have been no compromise to any of our servers after getting 
these alerts.  I'm curious to know if anyone else sees this alert 
frequently, and if anyone knows of an application that would use port 2301 
besides the Compaq Insight product.  Thanks in advance.

--Doug

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users



More information about the Snort-users mailing list