NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Snort IDS> 2000-11

Subject: [Snort-users] CGI Null Byte Attack
From: Len Burns (lenbsasquatch.com)
Date: Mon Nov 20 2000 - 17:37:12 CST

Next message: Guy Bruneau: "Re: [Snort-users] Can we interpret the ICMP unreachable messages?"
Previous message: Jason Haar: "[Snort-users] Can I make a rule to catch SMTP banners?"
In reply to: Jason Haar: "[Snort-users] named AXFR's anomoly?"
Next in thread: Joe Stewart: "Re: [Snort-users] CGI Null Byte Attack"
Reply: Len Burns: "[Snort-users] CGI Null Byte Attack"
Reply: Joe Stewart: "Re: [Snort-users] CGI Null Byte Attack"
Reply: Vitaly McLain: "Re: [Snort-users] CGI Null Byte Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I saw this in ACID under unique alerts, and am having a bit of trouble
tracking down info about it.
spp_http_decode: CGI Null Byte attack detected 30 (2%) 1 1 1
What I am looking for is a way to verify whether this is of concern,
or if not what might be triggering it. Thanks in advance for any
pointers.

-Len

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users

Next message: Guy Bruneau: "Re: [Snort-users] Can we interpret the ICMP unreachable messages?"
Previous message: Jason Haar: "[Snort-users] Can I make a rule to catch SMTP banners?"
In reply to: Jason Haar: "[Snort-users] named AXFR's anomoly?"
Next in thread: Joe Stewart: "Re: [Snort-users] CGI Null Byte Attack"
Reply: Len Burns: "[Snort-users] CGI Null Byte Attack"
Reply: Joe Stewart: "Re: [Snort-users] CGI Null Byte Attack"
Reply: Vitaly McLain: "Re: [Snort-users] CGI Null Byte Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]