[Snort-users] ATTACK-RESPONSES id check returned root

Patrick Walsh pwalsh at ...13543...
Fri Oct 21 10:45:31 EDT 2005


> SUCKIT v 1.1c - New, singing, dancing, world-smashing rewtkit  *.*
> (c)oded by sd at ...13580... & devik at ...13581..., 2001
> Configuring ./sk:.OK!.[attacker at ...13582... ~/sk10]$ telnet lamehost.com
> 80.Trying 192.160.0.2.... Connected to lamehost.com..Escape character

	Looks like someone viewed this phrack article:

http://www.phrack.org/phrack/58/p58-0x07

which triggered the rule.


-- 
Patrick Walsh
eSoft Incorporated
303.444.1600 x3350
http://www.esoft.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051021/8d7dc31d/attachment.sig>


More information about the Snort-users mailing list