[Snort-users] New To Snort, Where do I start
jsage at ...2022...
Fri Mar 8 08:18:19 EST 2002
Wonder if he's been cracked, yet ;-(
I wonder what the guy's IP is. I can just see this sort of thing
coming from it, right quick now...
03/04-09:47:31.844810 65.xx.yy.zz:1525 -> 12.aa.bb.cc:111
TCP TTL:52 TOS:0x0 ID:32007 IpLen:20 DgmLen:60 DF
******S* Seq: 0x28BB1936 Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 52483290 0 NOP WS: 0
and then if you connect by http to his IP:
http to 65.xx.yy.zz:
"It Worked! If you can see this, it means that the installation of the
Apache software on this Red Hat Linux system was successful.
You may now add content to this directory and replace this page."
Yeah: it worked, you installed Linux and Apache and left it wide open,
and now your box has been cracked and is being used to attack other
Most people don't type their own logfiles; but, what do I care?
On Fri, Mar 08, 2002 at 09:36:42AM -0500, McCammon, Keith wrote:
> -----Original Message-----
> From: M.A. Montisetsi [mailto:montisetsi at ...131...]
> Sent: Friday, March 08, 2002 9:28 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] New To Snort, Where do I start
> It may sound easy, but I've just setup an Apache Web
> Server on Redhat Linux 7.1, and I would like to use
> Snort as my IDS. I am not sure which files to download
> so I can install it. Thanx in advance for your help.
More information about the Snort-users