On Friday 01 February 2002 07:25 am, Martin Smith wrote:
> Am I reading this right? Someone at the other end is coming from a root
> account.
>
> [**] [1:498:2] ATTACK RESPONSES id check returned root [**]
> [Classification: Potentially Bad Traffic] [Priority: 2]
> 01/31-14:27:26.388959 207.68.176.190:80-> 10.1.50.1:9491
> TCP TTL:62 TOS:0x0 ID:12412 IpLen:20 DgmLen:1476
> ***AP*** Seq: 0xD0B54E63 Ack: 0xA86D0E3A Win: 0xFFFF TcpLen: 20
>
>
> The 10.1.50.1 (for security) is our firewall....
>
>
>
> Thanks for your help
>
> Marty
>
i've triggered this alert by web browsing, specificly pages about security
