[Snort-users] ATTACK-RESPONSES id check returned root

Chris Romano romano.chris at ...11827...
Fri Oct 21 10:49:15 EDT 2005


On 10/21/05, Patrick Walsh <pwalsh at ...13543...> wrote:
>
> > SUCKIT v 1.1c - New, singing, dancing, world-smashing rewtkit *.*
> > (c)oded by sd at ...13580... & devik at ...13581..., 2001
> > Configuring ./sk:.OK!.[attacker at ...13582... ~/sk10]$ telnet lamehost.com<http://lamehost.com>
> > 80.Trying 192.160.0.2.... Connected to lamehost.com..Escape character
>
> Looks like someone viewed this phrack article:
>
> http://www.phrack.org/phrack/58/p58-0x07
>
> which triggered the rule.



That seems to be it. I feel much better now.

thanks everyone.

Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051021/35e8a72e/attachment.html>


More information about the Snort-users mailing list