Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort detecting attacks...

From: "Jason Lewis" <jlewis () jasonlewis net>
Date: Mon, 21 May 2001 00:05:51 -0400
Since you are looking to learn, I won't tell you what those attacks are.  ;)
But, our good friend Max Vision has a website that can help.

http://www.whitehats.com/ids/index.html

A search on the attacks should turn up the info you are looking for.

Jason Lewis
http://www.packetnexus.com
http://www.packetnexus.com/kb/greyarts/
It's not secure "Because they told me it was secure". The people at the
other end of the link know less about security than you do. And that's
scary.



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Craig Woods
Sent: Sunday, May 20, 2001 11:51 PM
To: Snort Users Mailing List
Subject: [Snort-users] Snort detecting attacks...


Hello all,

I am new to the list but thought I might jump out here, and see what I
might learn. I am running Linux with the 2.2.17 kernal. I have a
multi-homed system (2 NICS) with an internal network , and this server
is also the gateway to the internet for all machines on private network.
I have set up rules for IPCHAINS and IPMASQ, and these serve as my
firewall. I have logging in syslog for attempts at most kinds of
intrusion. But.....

I have recently installed snort, and I am now seeing a lot more logging
in "/var/log/snort" Could someone tell me what the following two log
inputs indicate:

1) "MISC-WinGate-1080-Attempt:"
2) "CGI Null Byte attack detected:"

(I am not running a HTTP Server on the external NIC)

These alerts are being logged by snort, and are coming from two
different IP_ADDR's, 64.156.150.92 for the first attack, and
216.142.229.194 for the second attack. Am I in danger of being hacked,
and, if so, what can be done about it? Any help and/or a pointing in the
right direction would be most appreciated.

Thanks,
Craig

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: