Snort mailing list archives

Re: Trojans and snort


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 21 Apr 2014 20:48:02 +0000

~~Please keep traffic on list~~

You are trying to sniff traffic to yourself.  So technically, yes, that alert is correct :)

You may want to try attacking from a different box, so the traffic crosses the network.




On Apr 21, 2014, at 3:22 PM, stephanie sokhn <sokhnstephanie () hotmail com> wrote:

Yes, it was just a test for Snort alerts.

--- Original Message ---

From: "Joel Esler (jesler)" <jesler () cisco com>
Sent: April 21, 2014 9:51 PM
To: "stephanie sokhn" <sokhnstephanie () hotmail com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Trojans and snort

Are you running the exploit against the machine you are trying to infect?  (i.e. the same box?)


On Apr 21, 2014, at 10:28 AM, stephanie sokhn <sokhnstephanie () hotmail com> wrote:

Hello,

I've downloaded a trojan on Ubuntu 12.04 and accessed its shell from BackTrack using Metasploit. The thing is that all the alerts received from Snort were about BAD-TRAFFIC loopback traffic and nothing more. Is there something wrong with my configuration? Shouldn't Snort detect this kind of exploit?

Are there any additional predefined rules for Snort IPS that drop packets?

Would appreciate any kind of help.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
