Snort mailing list archives

RE: BO pre-processor

From: "larosa, vjay" <larosa_vjay () emc com>
Date: Tue, 18 Jun 2002 14:07:37 -0400

I believe I might understand why I don't see any events with snort, the BO
explanation in the snort.conf does state
Back Orrifice (not BO2K). So if snort does not detect BO2K does anybody out
there know of a way to identify this
traffic on the network? Thanks!

vjl

 -----Original Message-----
From:         larosa, vjay  
Sent: Tuesday, June 18, 2002 1:56 PM
To:   'snort-users () lists sourceforge net'
Subject:      BO pre-processor

Hello,

Has anybody done any work with the Back Orrifice 2000 Pre-Processor? I
have been testing in my lab and snort appears to be missing
all of the BO traffic. I have tried with and with out the -nobrute option.
I am not that familiar with BO, but I am remote controlling the
PC so I would expect to see some sort of alert from snort right? Thanks!

vjl


----------------------------------------------------------------------------
                   Bringing you mounds of caffeinated joy
                      >>>     http://thinkgeek.com/sf    <<<

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

BO pre-processor larosa, vjay (Jun 18)
- Re: BO pre-processor Beno Chapman (Jun 18)
- <Possible follow-ups>
- RE: BO pre-processor larosa, vjay (Jun 18)
  - Re: RE: BO pre-processor Larc (Jun 18)
- RE: RE: BO pre-processor larosa, vjay (Jun 18)
- RE: RE: BO pre-processor Claude Bailey (Jun 18)