Snort mailing list archives
Re: Exploits not being reported
From: Brian <bmc () snort org>
Date: Fri, 30 Nov 2001 08:56:12 -0500
According to Arvind Clemente:
I have a snort box up and running and it is logging everything to a mysql database. It can detect portscans in NMAP, Nimda viruses etc. But it could not detect the wu-ftpd exploit and the rpc-statd exploit.
So do us a favor, get a pcap log of the entire exploit session and preferably send us the exploit, and I'll write signatures for it. Snort only alerts on what it knows about, so share the info, and let's make snort know about another set of exploits.

NOTE: when we write signatures, we try and write signatures that will pick up an attack against the vulnerability, no matter what exploit is being used. Sometimes this is hard.

So again, send us the data, and I'll see what I can do.

-brian

--
Verbogeny is one of the pleasurettes of a creatific thinkerizer. -- Peter da Silva