[Snort-users] ATTACK-RESPONSES id check returned root

cc cc at ...9707...
Fri Oct 21 23:12:36 EDT 2005


Chris Romano sighed and wrote:

> I came in this morning and checked my snort alerts (morning routine), and
> noticed the following:
> 
> ATTACK-RESPONSES id check returned root 2005-10-21 07:40:32
> 82.165.25.125:80
> 10.10.10.5:51949 TCP
> 

This is very interesting.  Snort tagged your message with the same
exact alert, but this time it was through port 25 (SMTP).  At first,
I freaked when I saw that on BASE.  Then I checked the payload and
got worried.

However, looking at the port, and noticing it was 25, and finding
it in my email, I sighed in relief.  :)

Edmund



