Snort mailing list archives

Snort 3.0 is not detecting shell code attacks

From: João Pedro via Snort-users <snort-users () lists snort org>
Date: Sun, 16 Jun 2019 23:39:30 +0000

I'm testing snort 3.0 with Community rules.
Besides triggering alerts from port scans, it is not detecting Buffer 
Overflow attacks (.i.e. made with Metasploit).
Is there a problem with the current rules in Snort 3.0? Should I 
activate/config something else?

Ps: I'm testing Snort from .pcap files

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Snort 3.0 is not detecting shell code attacks João Pedro via Snort-users (Jun 16)
- <Possible follow-ups>
- Re: Snort 3.0 is not detecting shell code attacks Russ Combs (rucombs) via Snort-users (Jun 16)
  - Re: Snort 3.0 is not detecting shell code attacks João Pedro via Snort-users (Jun 17)
    - Re: Snort 3.0 is not detecting shell code attacks João Pedro via Snort-users (Jun 17)
    - Re: Snort 3.0 is not detecting shell code attacks Dorian ROSSE via Snort-users (Jun 17)
    - Re: Snort 3.0 is not detecting shell code attacks João Pedro via Snort-users (Jun 17)
    - Re: Snort 3.0 is not detecting shell code attacks Russ Combs (rucombs) via Snort-users (Jun 17)
    - Re: Snort 3.0 is not detecting shell code attacks João Pedro via Snort-users (Jun 17)
    - Re: Snort 3.0 is not detecting shell code attacks Dorian ROSSE via Snort-users (Jun 18)
    - Re: Snort 3.0 is not detecting shell code attacks Dorian ROSSE via Snort-users (Jun 18)
    - Message not available
    - Re: Snort 3.0 is not detecting shell code attacks Chankit Dureja (Jun 19)

(Thread continues...)