Snort mailing list archives
Re: DOS attacks
From: "Lurene A Grenier" <lurene.grenier () sourcefire com>
Date: Thu, 13 Mar 2008 10:26:29 -0400
Nessus doesn't actually exploit any vulnerabilities; it only checks banners
and parses out the versions to determine if it thinks you're vulnerable to
something. As such, it's not doing anything actually malicious and its
activity shouldn't be detected in most cases.
Snort rules will generally only detect actual attacks as they focus on
detecting triggering conditions necessary to actually exploiting the
vulnerability in question.
_________________________
Lurene A Grenier,
Analyst Team Lead
Senior Research Engineer
Office: (410) 423-1918
Mobile: (703) 839-3898
,,_
SourceFire Inc. o" )~
''''
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf Of Kamran Shafi
Sent: Thursday, March 13, 2008 2:43 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] DOS attacks
P.S.
Is there a specific preprocessor to handle DOS attacks in Snort or it is
only done through the Snort rules? In specific, I couldn't find any rules
for flooding DOS attacks and the classical DOS attacks like land and
teardrop. Do I have to write my own rules to cater for these types of
attacks?
Further, I am conducting a full Nessus scan but Snort is only reporting very
few alerts (20 odd). Is it normal?
--
Regards
Kam
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DOS attacks Kamran Shafi (Mar 12)
- Re: DOS attacks Todd Wease (Mar 13)
- Re: DOS attacks Todd Wease (Mar 13)
- Re: DOS attacks Lurene A Grenier (Mar 13)
- Re: DOS attacks Bob Konigsberg (Mar 13)
- Re: DOS attacks Zakai Kinan (Mar 13)
- Re: DOS attacks Kamran Shafi (Mar 13)
- Re: DOS attacks Todd Wease (Mar 14)
- Re: DOS attacks Giles Coochey (Mar 14)
- Re: DOS attacks Todd Wease (Mar 13)