[Snort-users] id check returned root ?!?!

Michael D. Schleif mds at ...9577...
Sat Jun 28 08:21:18 EDT 2003

I am fairly new to snort, and I've just begun analyzing my logs.

I have my home office network, from which I am writing this post, that
is NAT'ed behind an ipchains firewall.  This system is:

I also have a web/email server hosted by tera-byte.com:

Last week I received several of these:

4  ATTACK RESPONSES id check returned root

Now, I have come to realize that this is a dangerous situation.

I run chkrootkit daily and have _nothing_ to report.

What should I do?

Best Regards,

mds resource
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .