[Klug-general] SNORTing the rabbit hole
MacGyveR
macgyver at thedumbterminal.co.uk
Tue Feb 23 20:19:27 UTC 2010
On Tuesday 23 February 2010, Alan @ COMM-TECH wrote:
> Found a nifty little utility in the Ubuntu Repo called "harden-nids". It
> analyses snort logs daily and emails summaries of attacks or heavy
> traffic... can't figure out some of them - can anyone translate?
>
>
> This one is 10.1.1.10 a Laserjet 4300 - what is that weird destination
> address?
>
> EVENTS SOURCE DEST METHOD
> 1180 10.1.1.10 239.255.255.250 MISC UPnP malformed advertisement
>
> This is an ordinary Linux box - running nothing special with regards to
> services... what is that method?
>
> EVENTS SOURCE DEST METHOD
> 974 10.1.1.182 212.49.203.231 COMMUNITY WEB-MISC mod_jrun
> overflow attempt
>
> Any ideas?
>
> Alan
The first one is just UPnP announcements; you should be able to turn it off on
the printer if you don't use it (auto-discover devices etc.).
The second would be a web server attack. Are you running mod_jrun on Apache?
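
A triage aid for summaries like the one quoted above, added here as an example and not part of the original messages or of harden-nids: it parses the rows, rejoins METHOD text that wrapped onto a second line, and labels each row's direction by address class. The column layout is assumed from the two rows shown, and the names `parse_summary` and `scope` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two rows from the quoted summary, with the second
# row's METHOD text wrapped onto a continuation line as it was in the e-mail.
SAMPLE = """\
EVENTS SOURCE DEST METHOD
1180 10.1.1.10 239.255.255.250 MISC UPnP malformed advertisement
EVENTS SOURCE DEST METHOD
974 10.1.1.182 212.49.203.231 COMMUNITY WEB-MISC mod_jrun
overflow attempt
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(.+)$")
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")  # UPnP discovery (SSDP) group


def scope(ip):
    """Coarse address class used to read a row's direction."""
    if ip == SSDP_GROUP:
        return "ssdp-multicast"
    if ip.is_multicast:
        return "multicast"
    return "private" if ip.is_private else "public"


def parse_summary(text):
    """Parse summary rows; assumed layout: EVENTS SOURCE DEST METHOD."""
    rows = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate e-mail quote markers
        if not line or line.startswith("EVENTS"):
            continue  # blank line or repeated column header
        m = ROW.match(line)
        try:
            src, dst = (ipaddress.ip_address(m.group(i)) for i in (2, 3))
        except (AttributeError, ValueError):
            # Not a data row: treat as wrapped METHOD text of the previous row.
            if rows:
                rows[-1]["method"] += " " + line
            continue
        rows.append({"events": int(m.group(1)), "source": str(src), "dest": str(dst),
                     "direction": f"{scope(src)} -> {scope(dst)}",
                     "method": m.group(4)})
    return rows


if __name__ == "__main__":
    for row in parse_summary(SAMPLE):
        print(row)
```

A `private -> public` direction, as on the second row, means the alert fired on traffic leaving the internal host toward an external address.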