Looks like SNORT is picking up on some attack against Compaq's Insight
Manager. Insight Manager allows admins to control Compaq desktops, laptops
and servers through the IM agent and has a web interface. Check out the
articles here http://neworder.box.sk/search.php3?srch=insight+manager .
Maybe
That is management-agent-file-read,
you can have a look at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0771
--
I want a better life
Yiming Gong
Senior System Administrator
China Telecom
[EMAIL PROTECTED]
http://security.zz.ha.cn
0086-0371-7934907
> -Original Message-
> Fro
If you're running v1.8 of Snort, there should be a link in the alert that
points to a page on Whitehat or one of a couple other sites that describe
the exploit.
If you're not seeing this, head over to
http://www.whitehats.com/ids/index.html and do a search on the
vulnerability. Having said that,
http://www.google.com/search?q=compaq+insight+directory+traversal
> -Original Message-
> From: Martin Smith [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 19, 2001 12:43 PM
> To: [EMAIL PROTECTED]
> Subject: Snort Question
>
>
>
> I have been getting this alert, but I can't fi
<[EMAIL PROTECTED]>
Sent: Monday, October 01, 2001 9:27 AM
Subject: Re: Snort question-follow-up
> Firewall first, if you had read the docs you would have seen that snort
> doesn't see packets dropped by the firewall, so if snort is awfully quiet
> your firewall is probably block
t the person kindly provided you with (he kind of did your homework
for you) mail me off list and I will reprovide it for you.
Cheers,
Leon
-Original Message-
From: Claudiu Ionescu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 1:22 PM
To: Security Basics
Subject: Re:
from the test i ran, yes it does... however, i think it depends on which machine snort
is running and which machine the firewall software is running on.
my slack box is set up to masquerade my LAN as a firewall/gateway using netfilter. i
installed snort on this same machine for the test. i then
From: "Michael Kjorling" <[EMAIL PROTECTED]>
Sent: Thursday, September 27, 2001 4:06 AM
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I believe not. The firewall code (the rules of which are managed
> through ipfwadm/ipchains/iptables depending on your kernel version) is
> executing direc
this is system dependent. i don't believe snort will see the
traffic on a linux box, but it will on an openBSD box. i think
this is a result of where the promiscuous device is located
in the kernel structures. on linux, it is obviously after the firewall
code, on openBSD it appears to be before