Code: p401 Severity: Warning
Description: This event is generated when the mstream DDoS tool is used. Impact: Severe. This indicates a host may have been compromised and mstream may have been installed. Corrective: Perform proper forensic analysis on the suspected compromised host to discover the means of compromise. Rebuild a confirmed compromised host. Use a packet filtering firewall to block inappropriate traffic to the network to prevent hosts from being compromised.
|
