[Snort-users] Snort detecting attacks...
res06ztt at ...1127...
Sun May 20 23:51:12 EDT 2001
I am new to the list but thought I might jump out here, and see what I
might learn. I am running Linux with the 2.2.17 kernel. I have a
multi-homed system (2 NICs) with an internal network, and this server
is also the gateway to the internet for all machines on private network.
I have set up rules for IPCHAINS and IPMASQ, and these serve as my
firewall. I have logging in syslog for attempts at most kinds of
I have recently installed snort, and I am now seeing a lot more logging
in "/var/log/snort". Could someone tell me what the following two log
2) "CGI Null Byte attack detected:"
(I am not running an HTTP server on the external NIC)
These alerts are being logged by snort, and are coming from two
different IP_ADDR's, 184.108.40.206 for the first attack, and
220.127.116.11 for the second attack. Am I in danger of being hacked,
and, if so, what can be done about it? Any help and/or a pointing in the
right direction would be most appreciated.