Ola amigos,

será que é um ataque?

No ACID esta dando um monte destes alertas e quando verefico pelo whois de que é o ip ele me apresenta assim

whois:200.190.39.216 [f531.mail.yahoo.com]
Whois:
@whois. MagicNetworkSolutions.comCRSNIC.netARIN.netRIPE.netAPNIC.netLACNIC.netEDUcause.netPIR.orgnic.MILAUnic.net


OrgName: Yahoo! Broadcast Services Inc.
OrgID: YAHO
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
NetRange: 206.190.32.0 - 206.190.63.255
CIDR: 206.190.32.0/19
NetName: NETBLK1-YAHOOBS
NetHandle: NET-206-190-32-0-1
Parent: NET-206-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment:
RegDate: 1995-12-15
Updated: 2005-03-02
TechHandle: NA258-ARIN
TechName: Netblock Admin
TechPhone: 1-408-349-3300
TechEmail: [email protected]
OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: 1-408-349-3300
OrgAbuseEmail: [email protected]
OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: 1-408-349-3300
OrgTechEmail: [email protected]
ARIN WHOIS database last updated 2005-07-17 19: 10
Enter ? for additional hints on searching ARIN's WHOIS database.

Parece-me que é um falso positivo seria isso. quero enteder como funciona, piois esta me dando muitas mensagens destas, como faço no snort para tirar esses alertas?


Yuri