Snort mailing list archives
RE: Snort detecting attacks...
From: "Jason Lewis" <jlewis () jasonlewis net>
Date: Mon, 21 May 2001 00:05:51 -0400
Since you are looking to learn, I won't tell you what those attacks are. ;) But, our good friend Max Vision has a website that can help.

http://www.whitehats.com/ids/index.html

A search on the attacks should turn up the info you are looking for.

Jason Lewis
http://www.packetnexus.com
http://www.packetnexus.com/kb/greyarts/

It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Craig Woods
Sent: Sunday, May 20, 2001 11:51 PM
To: Snort Users Mailing List
Subject: [Snort-users] Snort detecting attacks...

Hello all,

I am new to the list but thought I might jump out here, and see what I might learn.

I am running Linux with the 2.2.17 kernel. I have a multi-homed system (2 NICS) with an internal network, and this server is also the gateway to the internet for all machines on private network. I have set up rules for IPCHAINS and IPMASQ, and these serve as my firewall. I have logging in syslog for attempts at most kinds of intrusion. But..... I have recently installed snort, and I am now seeing a lot more logging in "/var/log/snort"

Could someone tell me what the following two log inputs indicate:

1) "MISC-WinGate-1080-Attempt:"
2) "CGI Null Byte attack detected:" (I am not running an HTTP Server on the external NIC)

These alerts are being logged by snort, and are coming from two different IP_ADDR's, 64.156.150.92 for the first attack, and 216.142.229.194 for the second attack. Am I in danger of being hacked, and, if so, what can be done about it?

Any help and/or a pointing in the right direction would be most appreciated.

Thanks,
Craig

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort detecting attacks... Craig Woods (May 20)
- RE: Snort detecting attacks... Jason Lewis (May 20)