Re: Metasploit exploits on Snort

[Joel Esler <jesler () sourcefire com>]

On Sep 18, 2012, at 7:05 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:

> I was trying to test my Snort install and the latest rules using some Metasploit exploits. And so I started with the 
> easily doable exploits of Metasploit. But when I searched for the corresponding rules in the ruleset-by mapping the 
> CVEs- I was surprised to not find the corresponding rules for the following exploits and CVEs:
>
> distcc_exec CVE-2004-2687
> tikiwiki_graph_formula_exec CVE-2007-5423
> tomcat_mgr_login  CVE-2009-4188
>
> Any help and explanations? 
> Is there a better way to launch live exploits and test Snort?? :)

We'll look at these and see if we can provide coverage for these.  However, for now, take a look at the CVE's in the 
rules and match them up against metasploit modules.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!