[Snort-users] ATTACK-RESPONSES id check returned root

Romano, Chris CRomano at ...9382...
Tue Dec 30 13:56:02 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just got this alert for our snort sensor.  I think that it's a false
positive but am not sure how to check and want to see if anyone else has
seen this.  Both the source and dest. are mail servers. The source is a
from a list server that sends a good bit of emails to us and this is the
first time that I have seen this alert.  The source IP is 131.193.178.160
(stoneport.math.uic.edu - a.mx.cr.yp.to).  Any help would be greatly
appreciated.

Thanks,

Chris Romano

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBP/H03gvHK4/UMrUIEQIJCgCg9iVJSHV+lry98BnXLgnk+v8MT9wAnRbN
Q3+JYVAeh7qpWDZQC2Ern1GO
=eFFD
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20031230/498cc1d5/attachment.html>


More information about the Snort-users mailing list