[Snort-users] Newbie: What does this mean?
Bruce.Briggs at ...13183...
Tue Apr 12 14:07:34 EDT 2005
Why do you believe it is your server which is doing this?
Why not a workstation - some user going to Hotmail?
From: John Plate [mailto:plate at ...13254...]
Sent: Tuesday, April 12, 2005 3:58 PM
To: Sean Brown
Cc: Briggs, Bruce; Snort Users
Subject: RE: [Snort-users] Newbie: What does this mean?
Sean Brown wrote:
> I have been getting the same entry in my logs with Hotmail/Microsoft
> servers being the destination and my public IP as the source. Guess
> where 188.8.131.52 points to.
> I've just been ignoring it.
Yes - but it could be some Trojan Horse hidden somewhere on the server
making/testing a coordinated attack.
We still miss the explanation why the traffic seems to come from my
I've tried with netstat -l and looked at all active processes, but I
cannot find anything suspicious.