Snort mailing list archives
Re: Testing Snort with Blade IDS Informer
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 27 Apr 2005 12:57:02 -0500
--On Wednesday, April 27, 2005 07:47:53 PM +0200 Holger Mense <holger () project2501 de> wrote:
However, I was a bit disappointed about the results. Besides the back orifice and the two portscan attempts, my sensor didn't detect anything else of the remaining 7 attacks provided by IDS Informer. In detail it didn't detect - TCP DNS Zone Transfer
I get these routinely. Something has to be wrong with your config. I'm also running snort 2.3.2.
All of these have trigged from time to time on our network. Something is wrong with the config you're using.- Smurf DOS attempt - finger search - IIS Unicode Traps - IIS htr Buffer Overflow - rpc.statd exploit - traceroute attempt
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- SF.Net email is sponsored by: Tell us your software development plans! Take this survey and enter to win a one-year sub to SourceForge.net Plus IDC's 2005 look-ahead and a copy of this survey Click here to start! http://www.idcswdc.com/cgi-bin/survey?id=105hix _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Testing Snort with Blade IDS Informer Holger Mense (Apr 27)
- Re: Testing Snort with Blade IDS Informer Paul Schmehl (Apr 27)
- Re: Testing Snort with Blade IDS Informer Holger Mense (Apr 27)
- Re: Testing Snort with Blade IDS Informer Holger Mense (Apr 27)
- Re: Testing Snort with Blade IDS Informer Paul Schmehl (Apr 27)