Snort mailing list archives

BACKDOR ??

From: "Eduard Meiler" <edik () meiler org>
Date: Mon, 29 Oct 2001 21:08:42 +0100

Hallo all,



can somebody understand what happend ?

regards

Eduard

Oct 29 20:42:57 wall proftpd[5899]: connect from 217.120.134.101
(217.120.134.101)

Oct 29 20:43:03 wall proftpd[5899]: wall.meiler.org
(cc82466-a.ensch1.ov.nl.home.com[217.120.134.101]) - FTP session opened.

Oct 29 20:43:13 wall proftpd[5899]: wall.meiler.org
(cc82466-a.ensch1.ov.nl.home.com[217.120.134.101]) - FTP session closed.

Oct 29 20:49:57 wall snort: [1:160:1] BACKDOOR NetMetro Incoming Traffic
{TCP} 217.126.184.188:5031 -> 192.168.7.250:1839

Oct 29 20:52:19 wall snort: [1:160:1] BACKDOOR NetMetro Incoming Traffic
{TCP} 217.0.27.211:5031 -> 192.168.7.250:4520

Current thread:

BACKDOR ?? Eduard Meiler (Oct 29)
- RE: BACKDOR ?? Jyri Hovila (Oct 29)