Snort mailing list archives
Snort detecting attacks...
From: Craig Woods <res06ztt () gte net>
Date: Sun, 20 May 2001 22:51:12 -0500
Hello all, I am new to the list but thought I might jump out here, and see what I might learn. I am running Linux with the 2.2.17 kernal. I have a multi-homed system (2 NICS) with an internal network , and this server is also the gateway to the internet for all machines on private network. I have set up rules for IPCHAINS and IPMASQ, and these serve as my firewall. I have logging in syslog for attempts at most kinds of intrusion. But..... I have recently installed snort, and I am now seeing a lot more logging in "/var/log/snort" Could someone tell me what the following two log inputs indicate: 1) "MISC-WinGate-1080-Attempt:" 2) "CGI Null Byte attack detected:" (I am not running a HTTP Server on the external NIC) These alerts are being logged by snort, and are coming from two different IP_ADDR's, 64.156.150.92 for the first attack, and 216.142.229.194 for the second attack. Am I in danger of being hacked, and, if so, what can be done about it? Any help and/or a pointing in the right direction would be most appreciated. Thanks, Craig _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort detecting attacks... Craig Woods (May 20)
- RE: Snort detecting attacks... Jason Lewis (May 20)