Snort mailing list archives

RE: Web Cgi finger question


From: "adam.w.hogan" <adam.w.hogan () delphi com>
Date: Fri, 6 Jun 2003 09:02:31 -0400

Anybody web browsing on that box?  Do you have the whole packet?

-----Original Message-----
From: Ryan Sebastian [mailto:rsebastian () comcast net]
Sent: Thursday, June 05, 2003 9:44 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Web Cgi finger question


Hi all. New to snort.
CGI isn't installed on my webserver and I got this log. Why is my machine
going outbound to 209.75.26.33?
TIA


[**] [1:839:4] WEB-CGI finger access [**]
[Classification: Attempted Information Leak] [Priority: 2]
06/04-23:22:06.134506 192.168.0.7:3252 -> 209.75.26.33:80
TCP TTL:128 TOS:0x0 ID:34291 IpLen:20 DgmLen:373 DF
***AP*** Seq: 0x3C2AB497  Ack: 0x605A3CAF  Win: 0x4470  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10071][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0612][Xref =>
http://www.whitehats.com/info/IDS221]




-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

