[Snort-users] Newbie: What does this mean?

Briggs, Bruce Bruce.Briggs at ...13183...
Tue Apr 12 14:07:34 EDT 2005


Why do you believe it is your server which is doing this?
Why not a workstation - some user going to Hotmail?

Bruce

-----Original Message-----
From: John Plate [mailto:plate at ...13254...] 
Sent: Tuesday, April 12, 2005 3:58 PM
To: Sean Brown
Cc: Briggs, Bruce; Snort Users
Subject: RE: [Snort-users] Newbie: What does this mean?

Sean Brown wrote:

> I have been getting the same entry in my logs with Hotmail/Microsoft
> servers being the destination and my public IP as the source. Guess
> where 65.54.186.250 points to.
>
> I've just been ignoring it.

Yes - but it could be some Trojan Horse hidden somewhere on the server
making/testing a coordinated attack. 

We still miss the explanation why the traffic seems to come from my
server, right?

I've tried with netstat -l and looked at all active processes, but I
cannot find anything suspicious. 

John




More information about the Snort-users mailing list