[Snort-users] IDS126/X11_OUTGOING_XTERM ?

Hilton De Meillon HDemeillon at ...5498...
Thu Jun 13 07:46:03 EDT 2002


Hey all,

I get this sig popping up often:


[**] [1:1227:2] X11 outbound client connection detected [**]
[Classification: Misc activity] [Priority: 3]
06/13-17:23:19.974611 xxx.xxx.xx.x:6000 -> 64.4.13.218:1863
TCP TTL:128 TOS:0x0 ID:61991 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xB4D598E3  Ack: 0x18A95242  Win: 0x3C86  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS126]

Thing is, the destination is pointing to a Hotmail host. 64.4.13.218 is
msgr-cs110.msgr.hotmail.com. The source address is from our M$ ISA firewall.


Any comments?

Regards,
Hilton De Meillon


"Common sense is the collection of prejudices acquired by age eighteen."
- Albert Einstein





