Snort mailing list archives

Re: Trojans and snort

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 21 Apr 2014 18:50:58 +0000

Are you running the exploit against the machine you are trying to infect?  (i.e. the same box?)


On Apr 21, 2014, at 10:28 AM, stephanie sokhn <sokhnstephanie () hotmail com<mailto:sokhnstephanie () hotmail com>> 
wrote:

hello,
 I've downloaded a trojan on ubuntu 12.04  and accessed its shell from backtrack using metasploit. The thing is that 
all the alerts received from snort were about  BAD-TRAFFIC loopback traffic and nothing more.Is there something wrong 
with my configuration? shouldn't snort detect this kind of exploits?
Is there any additional predefined rules for snort IPS that drop packets ?

would appreciate any kind of help.

------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Trojans and snort stephanie sokhn (Apr 21)
- Re: Trojans and snort Joel Esler (jesler) (Apr 21)
- <Possible follow-ups>
- Re: Trojans and snort Joel Esler (jesler) (Apr 21)