Snort mailing list archives
Re: Promiscuous interface hacks?
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 01 May 2003 17:42:15 -0500
Thanks Matt. What I'm trying to grasp is not whether or not the bo would work, but whether the attacker could then gain control of the box. I can see how the bo would work, because snort is going to process the packets regardless of what is in them.
But once the bo is exploited, even if a root shell is obtained, how does the attacker then "get to" that shell? Since there's no IP associated with it, I'm having trouble understanding how the attacker could then proceed to exploit the box.
--On Thursday, May 01, 2003 06:33:50 PM -0400 Matt Kettler <mkettler () evi-inc com> wrote:
The fact that the interface is in promisc mode is more-or-less irrelevant to an attack involving buffer overflows, format strings, off-by-ones, and other memory-corruption-to-execute code style attacks.
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- VPN and UDP alerts Allan Dover (Apr 24)
- <Possible follow-ups>
- Re: VPN and UDP alerts Neil Dickey (Apr 25)
- Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Frank Knobbe (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Matt Kettler (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Matt Kettler (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 02)
- Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Frank Knobbe (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 02)
- Re: VPN and UDP alerts Allan Dover (Apr 28)
- Re: VPN and UDP alerts Allan Dover (Apr 29)