Re: New To Snort, Where do I start

[John Sage <jsage () finchhaven com>]

*sigh*

Wonder if he's been cracked, yet ;-(

I wonder what the guy's IP is. I can just see this sort of thing
coming from it, right quick now...


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/04-09:47:31.844810 65.xx.yy.zz:1525 -> 12.aa.bb.cc:111
TCP TTL:52 TOS:0x0 ID:32007 IpLen:20 DgmLen:60 DF
******S* Seq: 0x28BB1936  Ack: 0x0  Win: 0x7D78  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 52483290 0 NOP WS: 0

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


and then if you connect by http to his IP:

http to 65.xx.yy.zz: 

"It Worked! If you can see this, it means that the installation of the
Apache software on this Red Hat Linux system was successful.

You may now add content to this directory and replace this page."


Yeah: it worked, you installed Linux and Apache and left it wide open,
and now your box has been cracked and is being used to attack other
people..



*sigh*

- John
-- 
Most people don't type their own logfiles;  but, what do I care?


On Fri, Mar 08, 2002 at 09:36:42AM -0500, McCammon, Keith wrote:
> http://www.snort.org
>
> Drink.
>
> -----Original Message-----
> From: M.A. Montisetsi [mailto:montisetsi () yahoo com]
> Sent: Friday, March 08, 2002 9:28 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] New To Snort, Where do I start
>
>
> Hi,
>
> It may sound easy, but I've just setup an Apache Web
> Server on Redhat Linux 7.1, and I would like to use
> Snort as my IDS. I am not sure which files to download
> so I can install it. Thanx in advance for your help.
>
> Montisetsi

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users