Snort mailing list archives

Re: Blackhole exploit kit...not so GREat...

From: Joel Esler <jesler () sourcefire com>
Date: Wed, 21 Nov 2012 11:16:09 -0500

On Nov 20, 2012, at 11:10 AM, Balasubramaniam Natarajan <bala150985 () gmail com> wrote:

The snort manual says that snort cannot work with GRE protocol, how to find out this infection if a person get 
infected outside the network where snort is monitoring ?


http://manual.snort.org/node10.html

If you compile snort with --enable-gre (which is on by default when you compile) it'll decode the gre layer.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Blackhole exploit kit...not so GREat... Lay, James (Nov 20)
- Re: Blackhole exploit kit...not so GREat... Balasubramaniam Natarajan (Nov 21)
  - Re: Blackhole exploit kit...not so GREat... Joel Esler (Nov 21)