Snort mailing list archives

snort 1.9 doesn't raise alert for httptunneling telnet...

From: "s.wun" <s.wun () thales-is com hk>
Date: Wed, 16 Oct 2002 15:47:16 +0800

I found that snort 1.9 doesn't raise any alert/alarm when using httptunnel
execute telnet command thru port 8888.
tcpdump indicate that after logon thru port 8888 (and redirected to port
23), running ls command is embedded in the http connection. However snort
1.9 doesn't give any warning, is this normal? What other hacking tool I can
demonstrate that IDS (snort) should raise the alarm when there is embeded
execution command in the http connection?

Thanks
Sam



-------------------------------------------------------
This sf.net email is sponsored by: viaVerio will pay you up to
$1,000 for every account that you consolidate with us.
http://ad.doubleclick.net/clk;4749864;7604308;v?
http://www.viaverio.com/consolidator/osdn.cfm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Portscan preprocessor and false positives Ben Keepper (Oct 15)
- Re: Portscan preprocessor and false positives Alberto Gonzalez (Oct 15)
- Re: Portscan preprocessor and false positives Erek Adams (Oct 15)
  - snort 1.9 doesn't raise alert for httptunneling telnet... s.wun (Oct 16)
    - Re: snort 1.9 doesn't raise alert for httptunneling telnet... Erek Adams (Oct 16)
  - Re: Portscan preprocessor and false positives Ben Keepper (Oct 16)
    - Re: Portscan preprocessor and false positives Bennett Todd (Oct 16)
    - Re: Portscan preprocessor and false positives Bennett Todd (Oct 17)