[Snort-users] Should I worry??

Anthony Scott ascott at ...6076...
Tue Jun 25 09:42:04 EDT 2002

Received this alert from Snort:
[**] [1:1227:2]  <http://hqbb/snort/sig/sigsid-1227.html> X11 outbound client connection detected [**]
[Classification: Misc activity] [Priority: 3]
06/24-10:37:44.575620  <http://hqbb/snort/192/168/1/src192.168.1.18.html>  <http://www.portsdb.org/bin/portsdb.cgi?portnumber=6000&protocol=TCP> 6000 ->  <http://hqbb/snort/192/168/1/dest192.168.1.225.html>  <http://www.portsdb.org/bin/portsdb.cgi?portnumber=1984&protocol=TCP> 1984
TCP TTL:128 TOS:0x0 ID:12364 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x36B34774 Ack: 0x498A1D12 Win: 0x4470 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS126]
.18 is an Exchange server. This is , of course, an internal IP address. However it does have a public IP address.
.225 is the Snort/Big Brother server. It only has the internal address.
anthony  scott,
workstation administrator
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020625/124ba24e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: headbanger.gif
Type: image/gif
Size: 1579 bytes
Desc: headbanger.gif
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020625/124ba24e/attachment.gif>

More information about the Snort-users mailing list