[Snort-users] id check returned root ?!?!

Michael D. Schleif mds at ...9577...
Sat Jun 28 08:21:18 EDT 2003


I am fairly new to snort, and I've just begun analyzing my logs.

I have my home office network, from which I am writing this post, that
is NAT'ed behind an ipchains firewall.  This system is: 192.168.123.150

I also have a web/email server hosted by tera-byte.com: 216.234.189.108

Last week I received several of these:

4  216.234.189.108  192.168.123.150  ATTACK RESPONSES id check returned root


Now, I have come to realize that this is a dangerous situation.

I run chkrootkit daily and have _nothing_ to report.

What should I do?

-- 
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030628/363abdf4/attachment.sig>


More information about the Snort-users mailing list