[Snort-users] Snort detecting attacks...

Jason Lewis jlewis at ...1831...
Mon May 21 00:05:51 EDT 2001

Since you are looking to learn, I won't tell you what those attacks are.  ;)
But, our good friend Max Vision has a website that can help.


A search on the attacks should turn up the info you are looking for.

Jason Lewis
It's not secure "Because they told me it was secure". The people at the
other end of the link know less about security than you do. And that's

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Craig Woods
Sent: Sunday, May 20, 2001 11:51 PM
To: Snort Users Mailing List
Subject: [Snort-users] Snort detecting attacks...

Hello all,

I am new to the list but thought I might jump out here, and see what I
might learn. I am running Linux with the 2.2.17 kernel. I have a
multi-homed system (2 NICS) with an internal network, and this server
is also the gateway to the internet for all machines on private network.
I have set up rules for IPCHAINS and IPMASQ, and these serve as my
firewall. I have logging in syslog for attempts at most kinds of
intrusion. But.....

I have recently installed snort, and I am now seeing a lot more logging
in "/var/log/snort". Could someone tell me what the following two log
inputs indicate:

1) "MISC-WinGate-1080-Attempt:"
2) "CGI Null Byte attack detected:"

(I am not running an HTTP Server on the external NIC)

These alerts are being logged by snort, and are coming from two
different IP_ADDR's, for the first attack, and for the second attack. Am I in danger of being hacked,
and, if so, what can be done about it? Any help and/or a pointing in the
right direction would be most appreciated.

