[Snort-users] BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network
Ralf.Hildebrandt at ...821...
Fri Mar 30 08:19:20 EST 2001
On Fri, Mar 30, 2001 at 02:31:40PM +0200, Roeland Weve wrote:
> I've got 15062 occurances from one IP to 934 IP addresses
> I duno exactly what to do with that, but does anybody what it does?
> I had a look at the arachNIDS, but I don't know if it's dangerous...
> How can I see if a machine is really affected?
> #0-(1-8870) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
> Server on Network
> 2001-03-29 19:10:00 xxx.xx.xx.78:60000 -> xxx.xx.200.0:2140 UDP
Check the packet traces! Have a close look at the packets themselves, not
ralf.hildebrandt at ...821... innominate AG
System Engineer Don't be afraid of what you see -
Diplom-Informatiker be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX fax: +49.(0)30.308806-698
More information about the Snort-users