Snort mailing list archives
RV: Snort exploits
From: "Petriz, Pablo" <ppetriz () siscat com ar>
Date: Wed, 17 Apr 2002 10:19:20 -0300
Good morning This was posted on bugtraq with CC to snort-devel... Can someone tell us (user-list) something about this? TIA PABLO
-----Mensaje original----- De: 0xcafebabe () hushmail com [mailto:0xcafebabe () hushmail com] Enviado el: miercoles 17 de abril de 2002 00:07 Para: bugtraq () securityfocus com; pen-test () securityfocus com CC: snort-devel () snort org Asunto: Snort exploits I didn't see it posted to these lists, but yesterday Dug Song quietly released a tool on the focus-ids list which totally blindsides Snort - http://www.monkey.org/~dugsong/fragroute/index.html. His README.snort file contains several fragroute scripts which blindside even the current Snort version in CVS, tested on RedHat 7.2. For example, the latest wu-ftpd exploits run through the one line "tcp_seg 1 new" don't trigger any Snort alerts at all. :( :( Fragroute is a very powerful new tool. Has anyone found other attacks against Snort with it, or tried it against any other IDS for that matter? -=+ 0xCafeBabe +=-
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RV: Snort exploits Petriz, Pablo (Apr 17)
- RE: RV: Snort exploits Mike Arrison (Apr 17)
- Re: RV: Snort exploits Chris Green (Apr 17)
- <Possible follow-ups>
- RE: RV: Snort exploits counter . spy (Apr 17)
- RE: RV: Snort exploits counter . spy (Apr 17)
- RE: RV: Snort exploits Mike Arrison (Apr 17)