Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort not logging alerts.

From: Lyndon Tiu <ltiu () alumni sfu ca>
Date: Thu, 29 Jul 2004 12:49:07 -0700
On Thu, 29 Jul 2004 15:38:25 -0400 sekure () gmail com wrote: 

You can't do it.  Not with TCP and not the way you are trying to. 
 
The problem is that TCP is a stateful protocol, it needs to establish 
a session before it can send data.  What that means is that something 
has to be listening on port 80 in this case (http), for your browser 
to establish the connection, BEFORE it can send the CodeRed exploit. 
Since nothing is, nothing happens...  If you are just doing this for 
testing, you can download netcat and tell it to listen to port 80. 
That way you'll be able to establish a connection and send the 
exploit. 

 
OK. Thank you. 
 
That makes sense. 
 
I have figured out what I wanted to do. 
 
Leave ip address of sniffer at 0.0.0.0 and only listen for exploits that 
actually connect to an ip address on the network that exists. 
 
Thanks to all who helped. 
 
-- 
Lyndon Tiu 


-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: