[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Snort Log?

Hello, people, this my first time in this list.

I've a question for all you guys.
I'm running a woody with snort installed and configured to listen on the
ppp0, I'received this snort daily report:

3) IDS246 - MISC - Large ICMP Packet: xxx.xx.xx.xx -> home_net 

After seeking the /var/log/auth.log, I found that I recieve this type of
packet every time I connect to the Web server running on this IP.

What kind of game is it?. It's a AIX features (the OS that the host
claims to run)? 

There is good (even to check if the client IP isn't spoofed) reason to
make this?

Another question: sometime I receive alert like this, coming from the
same IP (but, I think, this is a hosted website on his IP)

IDS244 - CVE-1999-0771 - Compaq-insight-dot-dot: xxx.xx.xx.xx:80 ->

I think's this a probe to see, if I'm running a Compaq Management
Agents to exploit a .. attack? Right?

TIA for the answers.

Raffaele Spangaro

Reply to: