[Wolves] Worrying SNORT results

fizzy wolves at mailman.lug.org.uk
Thu Feb 20 12:13:00 2003

Certainly looks suspect, especially the:
1    NNTP return
code buffer overflow attempt

line.  Fragroute tries to evade IDS detection by
"monkeying around with the packets", the way snort
picks it up IIRC is weird, and can pick up a lot of
false positives. 

Are you running an NNTP server? Are you running
tripwire (or similar) on any of your boxes? 


Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts