
Snort Log?



Hello, people, this is my first time on this list.

I've a question for all you guys.
I'm running a woody with snort installed and configured to listen on
ppp0, and I received this snort daily report:

3) IDS246 - MISC - Large ICMP Packet: xxx.xx.xx.xx -> home_net 

After seeking the /var/log/auth.log, I found that I receive this type of
packet every time I connect to the Web server running on this IP.

What kind of game is it? Is it an AIX feature (the OS that the host
claims to run)?

Is there a good (even to check if the client IP isn't spoofed) reason to
do this?

Another question: sometimes I receive alerts like this, coming from the
same IP (but, I think, this is a hosted website on his IP)

IDS244 - CVE-1999-0771 - Compaq-insight-dot-dot: xxx.xx.xx.xx:80 ->
my_home_net

I think this is a probe to see if I'm running Compaq Management
Agents, to exploit a .. attack? Right?

TIA for the answers.

-- 
Raffaele Spangaro
keatch_it@yahoo.com


