[Snort-users] id check returned root ?!?!
Michael D. Schleif
mds at ...9577...
Sat Jun 28 08:21:18 EDT 2003

I am fairly new to snort, and I've just begun analyzing my logs.

I have my home office network, from which I am writing this post, that
is NAT'ed behind an ipchains firewall. This system is: 192.168.123.150

I also have a web/email server hosted by tera-byte.com: 220.127.116.11

Last week I received several of these:

4 18.104.22.168 192.168.123.150 ATTACK RESPONSES id check returned root

Now, I have come to realize that this is a dangerous situation.

I run chkrootkit daily and have _nothing_ to report.

What should I do?

Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .