Snort mailing list archives
Re: Trojans and snort
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 21 Apr 2014 20:48:02 +0000
~~Please keep traffic on list~~ You are trying to sniff traffic to yourself. So technically, yes, that alert is correct :) You may want to try attacking from a different box, so the traffic crosses the network. On Apr 21, 2014, at 3:22 PM, stephanie sokhn <sokhnstephanie () hotmail com<mailto:sokhnstephanie () hotmail com>> wrote: Yes ,it was just a test for snort alerts. --- Original Message --- From: "Joel Esler (jesler)" <jesler () cisco com<mailto:jesler () cisco com>> Sent: April 21, 2014 9:51 PM To: "stephanie sokhn" <sokhnstephanie () hotmail com<mailto:sokhnstephanie () hotmail com>> Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net> Subject: Re: [Snort-users] Trojans and snort Are you running the exploit against the machine you are trying to infect? (i.e. the same box?) On Apr 21, 2014, at 10:28 AM, stephanie sokhn <sokhnstephanie () hotmail com<mailto:sokhnstephanie () hotmail com>> wrote: hello, I've downloaded a trojan on ubuntu 12.04 and accessed its shell from backtrack using metasploit. The thing is that all the alerts received from snort were about BAD-TRAFFIC loopback traffic and nothing more.Is there something wrong with my configuration? shouldn't snort detect this kind of exploits? Is there any additional predefined rules for snort IPS that drop packets ? would appreciate any kind of help. ------------------------------------------------------------------------------ Start Your Social Network Today - Download eXo Platform Build your Enterprise Intranet with eXo Platform Software Java Based Open Source Intranet - Social, Extensible, Cloud Ready Get Started Now And Turn Your Intranet Into A Collaboration Platform http://p.sf.net/sfu/ExoPlatform_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Start Your Social Network Today - Download eXo Platform Build your Enterprise Intranet with eXo Platform Software Java Based Open Source Intranet - Social, Extensible, Cloud Ready Get Started Now And Turn Your Intranet Into A Collaboration Platform http://p.sf.net/sfu/ExoPlatform
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Trojans and snort stephanie sokhn (Apr 21)
- Re: Trojans and snort Joel Esler (jesler) (Apr 21)
- <Possible follow-ups>
- Re: Trojans and snort Joel Esler (jesler) (Apr 21)