Snort mailing list archives

Re: Exploits not being reported


From: Brian <bmc () snort org>
Date: Fri, 30 Nov 2001 08:56:12 -0500

According to Arvind Clemente:
    I have snort box up and running and is logging everything to mysql
database. It can detect portscans in NMAP, Nimda viruses etc. But it
could not detect wu-ftpd exploit and rpc-statd exploit.

So do us a favor, get a pcap log of the entire exploit session and
preferably send us the exploit, and I'll write signatures for it.

Snort only alerts on what it knows about, so share the info, and let's
make snort know about another set of exploits.

NOTE: when we write signatures, we try and write signatures that will
pick up an attack against the vulnerability, no matter what exploit is
being used.  Sometimes this is hard.  

So again, send us the data, and I'll see what I can do.

-brian

-- 
Verbogeny is one of the pleasurettes of a creatific thinkerizer.  
-- Peter da Silva 

