[Snort-users] How to fix the vulnerabilities

James Riden j.riden at ...11179...
Wed Sep 22 16:17:06 EDT 2004


Aguiar Magalhaes <magalhj at ...6873...> writes:

> Hi list,
>
> I´m using the snort-2.2.0... 
>
> I´ve received a lot of alerts and I´d like to know how
> fix these vulnerabilities (Where can I get these
> informations ??)
>
> Please, help me
>
> Exemples: 
>
> [1:466:4] ICMP L3retriever Ping [Classification:
> Attempted Information Leak] [Priority: 2]: {ICMP}... 
>
> [1:480:5] ICM PING speedera [Classification: Misc
> activity] [Priority: 3]: {ICMP}...

Not a vulnerability, just for information's sake. Please don't turn
off all ICMP, that breaks more things than it fixes.

> [1:1852:3] WEB-MISC robots.txt access ...

Someone fetched /robots.txt which is a file which says which
(well-behaved) web crawlers are allowed to access web sites. Google
amongst others will do this - in which case you should see "googlebot"
as the user-agent for the /robots.txt in your httpd logs.

If you want to know more, check out the references in the signatures.

cheers,
 Jamie
-- 
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/






More information about the Snort-users mailing list