Snort mailing list archives
Re: Tools invisible to SNORT
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 17 Apr 2013 10:04:33 -0400
On Apr 17, 2013, at 9:49 AM, Juan Camilo Valencia <juan.valencia () seguratec com co> wrote:
Hi guys, I have a question about this, http://news.thehackernews.com/topera-ipv6-port-scanner-invisible-to-snort-ids?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+thnsecurity+%28The+Hacker+News%29&_m=3n.009a.187.mp0aof3v2x.49l is this true?, if yes, how is possible to develop a set of rules to detect the behavior of this tool. Note: I hope that Joel help me with the answer,
As usual when a tool comes out that says "We can bypass Snort OMG!", it's 99.9% of the time a misconfiguration on the person's side, or something like that. In this case, Snort catches this traffic with the following alert: 116:456:1 -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Tools invisible to SNORT Juan Camilo Valencia (Apr 17)
- Re: Tools invisible to SNORT Joel Esler (Apr 17)