[Snort-users] Web Cgi finger question

adam.w.hogan adam.w.hogan at ...9362...
Fri Jun 6 06:05:05 EDT 2003

Anybody web browsing on that box?  Do you have the whole packet?

-----Original Message-----
From: Ryan Sebastian [mailto:rsebastian at ...5068...]
Sent: Thursday, June 05, 2003 9:44 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Web Cgi finger question

Hi all. New to snort.
CGI isnt installed on my webserver and I got this log. Why is my machine
going outbound to

[**] [1:839:4] WEB-CGI finger access [**]
[Classification: Attempted Information Leak] [Priority: 2]
06/04-23:22:06.134506 ->
TCP TTL:128 TOS:0x0 ID:34291 IpLen:20 DgmLen:373 DF
***AP*** Seq: 0x3C2AB497  Ack: 0x605A3CAF  Win: 0x4470  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10071][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0612][Xref =>

This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list