From: Ralf Hildebrandt (Ralf.Hildebrandtinnominate.com)
Date: Fri Mar 30 2001 - 07:19:20 CST

    On Fri, Mar 30, 2001 at 02:31:40PM +0200, Roeland Weve wrote:
    > I've got 15062 occurrences from one IP to 934 IP addresses
    > I dunno exactly what to do with that, but does anybody know what it does?
    > I had a look at the arachNIDS, but I don't know if it's dangerous...
    > How can I see if a machine is really affected?
    >
    > #0-(1-8870) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
    > Server on Network
    > 2001-03-29 19:10:00 xxx.xx.xx.78:60000 -> xxx.xx.200.0:2140 UDP

    Check the packet traces! Have a close look at the packets themselves, not
    the alerts.

    -- 
    ralf.hildebrandtinnominate.com                            innominate AG
    System Engineer                        Don't be afraid of what you see -
    Diplom-Informatiker                     be afraid of what you don't see!
    tel: +49.(0)7000.POSTFIX  fax: +49.(0)30.308806-698         
    

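Added example, not part of the original message or of Snort: one way to act on the advice above and read the packets rather than the alerts. It parses a capture, lists what each source actually sent to UDP port 2140, and flags any host that sent a datagram back from that port. The function names, the documentation-range addresses and the payload bytes are constructed for illustration.

```python
import struct
from collections import defaultdict

PORT = 2140  # UDP port named in the alert quoted above

def udp_packets(pcap):
    """Yield (src, sport, dst, dport, payload) per IPv4/UDP frame of a little-endian Ethernet pcap."""
    off = 24  # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4 carrying UDP
        udp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
        sport, dport, ulen = struct.unpack_from("!HHH", frame, udp)
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        yield src, sport, dst, dport, frame[udp + 8: udp + ulen]

def triage(pcap, port=PORT):
    """Return (probes, responders): per source, the targets and payloads sent to
    `port`; and every host that sent a datagram *from* `port` with its payload."""
    probes = defaultdict(lambda: {"targets": set(), "payloads": set()})
    responders = {}
    for src, sport, dst, dport, payload in udp_packets(pcap):
        if dport == port:
            probes[src]["targets"].add(dst)
            probes[src]["payloads"].add(payload)
        if sport == port:
            responders[src] = payload  # something answered on the port: inspect this host
    return dict(probes), responders

def frame_record(src, sport, dst, dport, payload):
    """Build one pcap record (constructed sample data, checksums left at zero)."""
    a, b = (bytes(map(int, x.split("."))) for x in (src, dst))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0) + a + b
    eth = b"\x00" * 12 + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed trace: one source sweeps three addresses, one of which answers.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    frame_record("192.0.2.78", 60000, "198.51.100.0", 2140, b"probe"),
    frame_record("192.0.2.78", 60000, "198.51.100.1", 2140, b"probe"),
    frame_record("192.0.2.78", 60000, "198.51.100.2", 2140, b"probe"),
    frame_record("198.51.100.2", 2140, "192.0.2.78", 60000, b"reply"),
])
```

Many targets with an identical payload and an empty responder list point at a sweep with nothing listening; a host in the responder list is the one to examine first.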