wierd snort logs
From: Craig Van Tassle (craig@ambrosa.dns04.com)Date: 01/18/02
- Previous message: shawn merdinger: "RE: Remote PC Management via LAN/WAN"
- Next in thread: dewt: "Re: wierd snort logs"
- Reply: dewt: "Re: wierd snort logs"
- Reply: Jason Lewis: "RE: wierd snort logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Jan 2002 14:37:10 -0600 From: Craig Van Tassle <craig@ambrosa.dns04.com> To: security-basics <security-basics@securityfocus.com>
Im getting some alerts from a ip that we all know and love.
Security Focus. Has any one gotten the same results or has any ides on why
this would be happening?
Thnaks
Craig
P.S. here is the output from my snort logs
[**] ATTACK RESPONSES id check returned root [**]
01/18-04:21:58.569692 66.38.151.27:53886 -> x.x.x.x:25
TCP TTL:42 TOS:0x0 ID:57084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F3CCC0C Ack: 0xA7DB1015 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 669129608 27111348
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- application/pgp-signature attachment: stored
- Previous message: shawn merdinger: "RE: Remote PC Management via LAN/WAN"
- Next in thread: dewt: "Re: wierd snort logs"
- Reply: dewt: "Re: wierd snort logs"
- Reply: Jason Lewis: "RE: wierd snort logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
