Snort mailing list archives
snort 1.9 doesn't raise alert for httptunneling telnet...
From: "s.wun" <s.wun () thales-is com hk>
Date: Wed, 16 Oct 2002 15:47:16 +0800
I found that snort 1.9 doesn't raise any alert/alarm when using httptunnel execute telnet command thru port 8888. tcpdump indicate that after logon thru port 8888 (and redirected to port 23), running ls command is embedded in the http connection. However snort 1.9 doesn't give any warning, is this normal? What other hacking tool I can demonstrate that IDS (snort) should raise the alarm when there is embeded execution command in the http connection? Thanks Sam ------------------------------------------------------- This sf.net email is sponsored by: viaVerio will pay you up to $1,000 for every account that you consolidate with us. http://ad.doubleclick.net/clk;4749864;7604308;v? http://www.viaverio.com/consolidator/osdn.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan preprocessor and false positives Ben Keepper (Oct 15)
- Re: Portscan preprocessor and false positives Alberto Gonzalez (Oct 15)
- Re: Portscan preprocessor and false positives Erek Adams (Oct 15)
- snort 1.9 doesn't raise alert for httptunneling telnet... s.wun (Oct 16)
- Re: snort 1.9 doesn't raise alert for httptunneling telnet... Erek Adams (Oct 16)
- Re: Portscan preprocessor and false positives Ben Keepper (Oct 16)
- Re: Portscan preprocessor and false positives Bennett Todd (Oct 16)
- Re: Portscan preprocessor and false positives Bennett Todd (Oct 17)
- snort 1.9 doesn't raise alert for httptunneling telnet... s.wun (Oct 16)