[Snort-users] BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network

Ralf Hildebrandt Ralf.Hildebrandt at ...821...
Fri Mar 30 08:19:20 EST 2001


On Fri, Mar 30, 2001 at 02:31:40PM +0200, Roeland Weve wrote:
> I've got 15062 occurrences from one IP to 934 IP addresses
> I dunno exactly what to do with that, but does anybody know what it does?
> I had a look at the arachNIDS, but I don't know if it's dangerous...
> How can I see if a machine is really affected?
> 
> #0-(1-8870) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
> Server on Network
> 2001-03-29 19:10:00  xxx.xx.xx.78:60000 -> xxx.xx.200.0:2140  UDP

Check the packet traces! Have a close look at the packets themselves, not
the alerts.

-- 
ralf.hildebrandt at ...821...                            innominate AG
System Engineer                        Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX  fax: +49.(0)30.308806-698         




