[Snort-users] ATTACK-RESPONSES id check returned root

Willy, Andrew AWilly at ...13017...
Fri Oct 21 11:52:46 EDT 2005


Keep on eye on that person. =)

Andrew

---
On 10/21/05, Patrick Walsh <pwalsh at ...13543...> wrote:
> SUCKIT v 1.1c - New, singing, dancing, world-smashing rewtkit  *.*
> (c)oded by sd at ...13580... & devik at ...13581..., 2001
> Configuring ./sk:.OK!.[ attacker at ...13582... ~/sk10]$ telnet lamehost.com
> 80.Trying 192.160.0.2.... Connected to lamehost.com..Escape character

        Looks like someone viewed this phrack article: 

http://www.phrack.org/phrack/58/p58-0x07

which triggered the rule.


That seems to be it.  I feel much better now.

thanks everyone.

Chris













NOTICE OF CONFIDENTIALITY-The information in this email, including
attachments, may be confidential and/or privileged and may contain
confidential health information. This email is intended to be reviewed only
by the individual or organization named as addressee. If you have received
this email in error please notify Scottsdale Medical Imaging, an affiliate
of Southwest Diagnostic Imaging, LTD immediately - by return message to the
sender or to support at ...13018... - and destroy all copies of this message and
any attachments. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent those
of Scottsdale Medical Imaging. Confidential health information is protected
by state and federal law, including, but not limited to, the Health
Insurance Portability and Accountability Act of 1996 and related
regulations.




More information about the Snort-users mailing list