Re: Snort 3.0 is not detecting shell code attacks

["Russ Combs \(rucombs\) via Snort-users" <snort-users () lists snort org>]

Please send pcap, rules, config so we can help you out.

On 6/16/19, 7:39 PM, "Snort-users on behalf of João Pedro via Snort-users"
<snort-users-bounces () lists snort org on behalf of
snort-users () lists snort org> wrote:

> I'm testing snort 3.0 with Community rules.
> Besides triggering alerts from port scans, it is not detecting Buffer
> Overflow attacks (.i.e. made with Metasploit).
> Is there a problem with the current rules in Snort 3.0? Should I
> activate/config something else?
>
> Ps: I'm testing Snort from .pcap files
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
>       To unsubscribe, send an email to:
>       snort-users-leave () lists snort org
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette