[Snort-users] ATTACK-RESPONSES id check returned root

cc cc at ...9707...
Fri Oct 21 23:12:36 EDT 2005

Chris Romano sighed and wrote::

> I came in this moring and checked my snort alerts (morning routine), and
> noticed the following:
> ATTACK-RESPONSES id check returned root 2005-10-21 07:40:32
> <> TCP

This is very interesting.  Snort tagged your message with the same
exact alert, but this time it was through port 25 (SMTP).  At first,
I freaked when I saw that on BASE.  Then I checked the payload and
got worried.

However, looking at the port, and noticing it was 25, and finding
it in my email, I sighed a relief.  :)


More information about the Snort-users mailing list