[Snort-users] Unusual System Events

Brian bmc at ...950...
Thu Oct 18 05:06:21 EDT 2001


According to Eduard Meiler:
> Hello,
> 
> how can I disable these logs from my LAN ?

The real question is, why do you want to?

> Oct 18 12:00:18 wall snort: [1:583:1] RPC portmap request rstatd
> [Classification: Attempted Information Leak] [Priority: 3]: {UDP}
> 192.168.200.55:1076 -> 192.168.200.250:111
> 
> Oct 18 12:14:50 wall snort: [1:1227:1] X11 outgoing [Classification: Unknown
> Traffic] [Priority: 1]: {TCP} 192.168.200.253:6000 -> 192.168.200.55:1116

To an outsider from your network, it looks as if you got hacked via
statd, and they launched an xterm back at themselves.

If not, you could just set your HOME_NET & EXTERNAL_NET properly.

-- 
Save the whales.  Collect the whole set.
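
Added example, not part of the original thread: a short Python triage script that parses the two quoted syslog alerts and tags each endpoint as HOME or EXTERNAL, which is the distinction rules written against `$HOME_NET` and `$EXTERNAL_NET` depend on. The `192.168.200.0/24` value for HOME_NET is an assumption inferred from the addresses in the alerts, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: HOME_NET is 192.168.200.0/24, inferred from the quoted alerts.
HOME_NET = ipaddress.ip_network("192.168.200.0/24")

# The two alerts quoted in the thread, re-joined onto single lines.
SAMPLE_ALERTS = [
    "Oct 18 12:00:18 wall snort: [1:583:1] RPC portmap request rstatd "
    "[Classification: Attempted Information Leak] [Priority: 3]: {UDP} "
    "192.168.200.55:1076 -> 192.168.200.250:111",
    "Oct 18 12:14:50 wall snort: [1:1227:1] X11 outgoing "
    "[Classification: Unknown Traffic] [Priority: 1]: {TCP} "
    "192.168.200.253:6000 -> 192.168.200.55:1116",
]

ALERT_RE = re.compile(
    r"snort: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def side(ip, home_net=HOME_NET):
    """Return which variable an address would fall under."""
    return "HOME" if ipaddress.ip_address(ip) in home_net else "EXTERNAL"


def triage(lines, home_net=HOME_NET):
    """Parse syslog alert lines and tag each with its traffic direction."""
    out = []
    for line in lines:
        m = ALERT_RE.search(line)
        if m is None:
            continue  # not a Snort alert in this format
        a = m.groupdict()
        a["sid"] = int(a["sid"])
        a["direction"] = f"{side(a['src'], home_net)}->{side(a['dst'], home_net)}"
        out.append(a)
    return out


if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(a["sid"], a["msg"], a["src"], "->", a["dst"], a["direction"])
```

Both quoted alerts come out as HOME->HOME under the assumed network, so they are LAN-to-LAN traffic; whether a given rule still fires on that after HOME_NET and EXTERNAL_NET are set depends on how that rule's header uses the two variables.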



