Snort mailing list archives

RE: RV: Snort exploits


From: "Mike Arrison" <arrison () gnostech com>
Date: Wed, 17 Apr 2002 10:33:49 -0400

I saw this recently on bugtraq too.  I thought "preprocessor frag2" would
take care of fragmentation exploits like this.  Would someone smart please
chime in? :)

     -Mike Arrison

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Petriz,
Pablo
Sent: Wednesday, April 17, 2002 9:19 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] RV: Snort exploits


Good morning
This was posted on bugtraq with CC to snort-devel...
Can someone tell us (user-list) something about this?
TIA

PABLO

-----Original Message-----
From: 0xcafebabe () hushmail com [mailto:0xcafebabe () hushmail com]
Sent: Wednesday, April 17, 2002 00:07
To: bugtraq () securityfocus com; pen-test () securityfocus com
CC: snort-devel () snort org
Subject: Snort exploits

I didn't see it posted to these lists, but yesterday Dug Song
quietly released a tool on the focus-ids list which totally
blindsides Snort -
http://www.monkey.org/~dugsong/fragroute/index.html. His
README.snort file contains several fragroute scripts which
blindside even the current Snort version in CVS, tested on
RedHat 7.2. For example, the latest wu-ftpd exploits run
through the one line "tcp_seg 1 new" don't trigger any Snort
alerts at all.
:( :(

Fragroute is a very powerful new tool. Has anyone found other
attacks against Snort with it, or tried it against any other
IDS for that matter?


-=+ 0xCafeBabe +=-


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
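
Added example (not part of the original thread, and not Snort or fragroute code): a simplified Python model of why a content match applied to each packet on its own misses a string delivered in one-byte TCP segments, and why a sensor has to match on the reassembled stream instead. The signature string, payload, sequence numbers and function names are constructed for illustration; the overlap-policy parameter goes beyond the case in the post and covers segments that carry conflicting copies of the same bytes.

```python
# Constructed data and a simplified model: segments are (seq, payload) tuples,
# no real packet parsing. SIGNATURE is a stand-in string, not a real Snort rule.
SIGNATURE = b"SITE EXEC"
DATA = b"USER ftp\r\nSITE EXEC test\r\n"   # constructed sample payload
ISN = 0xFFFFFFF0                            # chosen so sequence numbers wrap

def one_byte_segments(data, isn):
    """Test input: the payload split into one-byte segments."""
    return [((isn + i) % 2**32, data[i:i + 1]) for i in range(len(data))]

def per_packet_match(segments, signature=SIGNATURE):
    """Signature check applied to each segment payload in isolation."""
    return any(signature in payload for _seq, payload in segments)

def reassemble(segments, isn, policy="first"):
    """Rebuild the stream from segments given in arrival order.

    policy selects which copy of an overlapping byte survives: "first" keeps
    the earliest arrival, "last" lets a later arrival overwrite it. A sensor
    must use the same policy as the host it protects, or it inspects bytes
    the host never sees.
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    stream = {}
    for seq, payload in segments:
        for i, byte in enumerate(payload):
            off = (seq + i - isn) % 2**32    # offset from ISN, wrap-safe
            if policy == "last" or off not in stream:
                stream[off] = byte
    out = bytearray()
    while len(out) in stream:                # stop at the first gap
        out.append(stream[len(out)])
    return bytes(out)

def stream_match(segments, isn, policy="first", signature=SIGNATURE):
    """Signature check applied to the reassembled stream."""
    return signature in reassemble(segments, isn, policy)

if __name__ == "__main__":
    segs = list(reversed(one_byte_segments(DATA, ISN)))   # also out of order
    print("per-packet:", per_packet_match(segs))
    print("reassembled:", stream_match(segs, ISN))
    overlap = [(1000, b"SITE XXXX"), (1005, b"EXEC")]     # constructed
    for policy in ("first", "last"):
        print(policy, reassemble(overlap, 1000, policy))
```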

