GEN:SID 1:1882
Message ATTACK-RESPONSES id check returned userid
Summary This event is generated by the use of a UNIX "id" command. This may be
indicative of post-compromise behavior where the attacker is checking
for super user privileges gained by a sucessful exploit against a
vulnerable system.
Impact Serious. An attacker may have gained user access to the system.
Detailed Information This event is generated when a UNIX "id" command is used to confirm the
user name of the currenly logged in user over an unencrypted connection.
This connection can either be a legitimate telnet connection or the
result of spawning a remote shell as a consequence of a successful
network exploit.

The string "uid=" is an output of an "id" command indicating that a
check is being made on the users current id.
Affected Systems  
Attack Scenarios A buffer overflow exploit against an FTP server results in "/bin/sh"
being executed. An automated script performing an attack, checks for the
success of the exploit via an "id" command.
Ease of Attack Simple. This may be post-attack behavior and can be indicative of the
successful exploitation of a vulnerable system.
Corrective Action Ensure that this event was not generated by a legitimate session then
investigate the server for signs of compromise

Look for other events generated by the same IP addresses.
Additional References