Snort mailing list archives

Detecting w3af scans

From: Bruno PEPPER <laplum3n0ir () gmail com>
Date: Wed, 30 Sep 2015 21:15:09 +0530

Hi,

I am running snort (2.9.6.0 GRE (Build 47)) on ubuntu 14.04 in the IDS mode along with ET rules for 2.9

The snort command:
snort -d -i eth1 -c /etc/snort/snort.conf -l /var/log/snort -A console

Emergingrules: 
sid-msg.map:2007757 || ET SCAN w3af User Agent || url,doc.emergingthreats.net/2007757 || url,w3af.sourceforge.net
sid-msg.map:2011027 || ET SCAN w3af Scan In Progress ARGENTINA Req Method || url,doc.emergingthreats.net/2011027 || 
url,w3af.sourceforge.net
sid-msg.map:2011389 || ET SCAN w3af Scan Remote File Include Retrieval || url,w3af.sourceforge.net

Still unable to detect these scans, infact this seems to be the case with a standard SQLMap as well.

Any / all help is welcome :)

Bruno.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Detecting w3af scans Bruno PEPPER (Sep 30)
- Re: Detecting w3af scans Al Lewis (allewi) (Sep 30)
  - Re: Detecting w3af scans Bruno Pepper (Sep 30)
    - Re: Detecting w3af scans James Lay (Sep 30)
- Re: Detecting w3af scans waldo kitty (Sep 30)