[Snort-users] ATTACK-RESPONSES id check returned root

Patrick Walsh pwalsh at ...13543...
Fri Oct 21 10:45:31 EDT 2005

> SUCKIT v 1.1c - New, singing, dancing, world-smashing rewtkit  *.*
> (c)oded by sd at ...13580... & devik at ...13581..., 2001
> Configuring ./sk:.OK!.[attacker at ...13582... ~/sk10]$ telnet lamehost.com
> 80.Trying Connected to lamehost.com..Escape character

	Looks like someone viewed this phrack article:


which triggered the rule.

Patrick Walsh
eSoft Incorporated
303.444.1600 x3350
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051021/8d7dc31d/attachment.sig>

More information about the Snort-users mailing list