Snort mailing list archives

Tcp session hijacking

From: Meysam Farazmand <farazmand.meisam () gmail com>
Date: Sun, 17 Aug 2014 14:07:51 +0430

Hi all,

I used "check_session_hijacking" in stream5 preprocessor for session
hijacking attacks detection and launched a mitm attack. But snort did not
detect it. I also checked preprocessor rules for detecting this type of
attack and there was some rules in my ruleset.

Does anyone know how to configure snort to detect session hijacking and
mitm attacks?

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Tcp session hijacking Meysam Farazmand (Aug 17)
- Re: Tcp session hijacking waldo kitty (Aug 17)
  - Re: Tcp session hijacking Meysam Farazmand (Aug 19)
    - Re: Tcp session hijacking Joel Esler (jesler) (Aug 19)
    - Re: Tcp session hijacking Meysam Farazmand (Aug 19)
    - Re: Tcp session hijacking Joel Esler (jesler) (Aug 19)
    - Re: Tcp session hijacking Meysam Farazmand (Aug 19)
    - Re: Tcp session hijacking Russ Combs (rucombs) (Aug 19)
    - Re: Tcp session hijacking Meysam Farazmand (Aug 19)
    - Re: Tcp session hijacking Russ Combs (rucombs) (Aug 19)
    - Re: Tcp session hijacking Jefferson, Shawn (Aug 19)

(Thread continues...)