Security Basics mailing list archives

id check returned root


From: Floyd Hartog <floyd () webwizard dyndns ws>
Date: Tue, 27 Jan 2004 23:28:31 -0600

Date:    01/27 16:03:28     Name:    ATTACK RESPONSES id check returned root
Priority:    2     Type:    Potentially Bad Traffic
IP info:     199.233.98.101:17335 -> XXX.XXX.XXX.XXX:25
References:    none found    SID:     498

Date:    01/27 16:52:21     Name:    ATTACK RESPONSES id check returned root
Priority:    2     Type:    Potentially Bad Traffic
IP info:     205.206.231.26:56101 -> XXX.XXX.XXX.XXX:25
References:    none found    SID:     498

Hi
I am a bit confused with the output from my snort logs, which you see above. That looks bad, very bad. But a whois seems to indicate this is the vulnwatch and securityfocus outgoing mail servers. Am I reading this wrong? Is this a snort bug, or an attack? And what would be the correct response? Thanks for your input.

Floyd
