[Snort-users] IDS244 - Compaq Insight alert
Erik.Engberg at ...511...
Tue Sep 26 17:31:37 EDT 2000
If I remember correctly a few weeks ago there came a BoF exploit for Compaq
insight manager agents that lets you execute code on the machine so no
wonder people are scanning for the agents. Many have them installed, and few
ever bother to update.
From: Doug Lamb [mailto:doug at ...517...]
Sent: den 26 september 2000 21:47
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] IDS244 - Compaq Insight alert
I have snort set up between our company's Internet router and our inside
firewall. We've gotten several hits to port 2301 within the firewall
address pool allocated to our users. All of these have come from port 80
on addresses that resolve to different web sites.
IDS244 -- CVE-1999-0771 - Compaq-insight-dot-dot: 126.96.36.199:80 ->
There seems to have been no compromise to any of our servers after getting
these alerts. I'm curious to know if anyone else sees this alert
frequently, and if anyone knows of an application that would use port 2301
besides the Compaq Insight product. Thanks in advance.
Snort-users mailing list
Snort-users at lists.sourceforge.net
More information about the Snort-users