Snort mailing list archives
RE: How to Triggering Windows Exploits?
From: "Joshua Berry" <jberry () PENSON COM>
Date: Tue, 25 May 2004 15:39:49 -0500
Snort will not verify OS or Services running on the target machine unless you patch it with something like the Attack Verification patch that uses Nessus to verify actual vulnerabilities of the target. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of ids () san rr com Sent: Tuesday, May 25, 2004 2:46 PM To: snort-users () lists sourceforge net Subject: [Snort-users] How to Triggering Windows Exploits? Hi everyone- I have a simple question. Is it true that some Snort alerts are only triggered if the target computer is vulnerable to that attack? To be a little more specific... if an attacks targets an exploit in Windows 2000 and I only have Linux running in my network will Snort alert me to those Windows attacks? The reason I ask is because I have a Snort sensor detecting detecting attacks against a Linux box running Apache. I noticed that the only attacks I detect are SQL, HTTP and Linux related. About a week ago for a brief time an associate put a Windows 2k box off of the hub and I started to get hit with these Alerts I had never seen before (MS Exploits). I want to capture more data on the amount of exploits attacks on Windows and was wondering for me to gather that data would I have to have a Windows computer on the network Snort is sensing? Thanks in advance! Alan ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How to Triggering Windows Exploits? ids (May 25)
- <Possible follow-ups>
- RE: How to Triggering Windows Exploits? Joshua Berry (May 25)
- Re: RE: How to Triggering Windows Exploits? ids (May 25)
- Re: How to Triggering Windows Exploits? James Riden (May 25)
- RE: How to Triggering Windows Exploits? Alan (May 26)
- Re: How to Triggering Windows Exploits? James Riden (May 25)
- RE: RE: How to Triggering Windows Exploits? Alan (May 26)
- RE: RE: How to Triggering Windows Exploits? Alan (May 26)
- Re: RE: How to Triggering Windows Exploits? Hendo (May 26)