[Snort-users] New To Snort, Where do I start

John Sage jsage at ...2022...
Fri Mar 8 08:18:19 EST 2002


Wonder if he's been cracked, yet ;-(

I wonder what the guy's IP is. I can just see this sort of thing
coming from it, right quick now...

03/04-09:47:31.844810 65.xx.yy.zz:1525 -> 12.aa.bb.cc:111
TCP TTL:52 TOS:0x0 ID:32007 IpLen:20 DgmLen:60 DF
******S* Seq: 0x28BB1936  Ack: 0x0  Win: 0x7D78  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 52483290 0 NOP WS: 0


and then if you connect by http to his IP:

http to 65.xx.yy.zz: 

"It Worked! If you can see this, it means that the installation of the
Apache software on this Red Hat Linux system was successful.

You may now add content to this directory and replace this page."

Yeah: it worked, you installed Linux and Apache and left it wide open,
and now your box has been cracked and is being used to attack other


- John
Most people don't type their own logfiles;  but, what do I care?

On Fri, Mar 08, 2002 at 09:36:42AM -0500, McCammon, Keith wrote:
> http://www.snort.org
> Drink.
> -----Original Message-----
> From: M.A. Montisetsi [mailto:montisetsi at ...131...]
> Sent: Friday, March 08, 2002 9:28 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] New To Snort, Where do I start
> Hi,
> It may sound easy, but I've just set up an Apache Web
> Server on Redhat Linux 7.1, and I would like to use
> Snort as my IDS. I am not sure which files to download
> so I can install it. Thanx in advance for your help.
> Montisetsi
