Snort mailing list archives
Re: Testing Snort with Blade IDS Informer
From: Holger Mense <holger () project2501 de>
Date: Wed, 27 Apr 2005 20:07:18 +0200
* Paul Schmehl <pauls () utdallas edu>:
However, I was a bit disappointed about the results. Besides the back orifice and the two portscan attempts, my sensor didn't detect anything else of the remaining 7 attacks provided by IDS Informer. In detail it didn't detect - TCP DNS Zone TransferI get these routinely. Something has to be wrong with your config. I'm also running snort 2.3.2.
I get routinely UPD DNS Zone Transfers.
- Smurf DOS attempt - finger search - IIS Unicode Traps - IIS htr Buffer Overflow - rpc.statd exploit - traceroute attemptAll of these have trigged from time to time on our network. Something is wrong with the config you're using.
I am not sure about this. Unfortunatley my network isn't large enough so that it gets attacked regulary. Have you tested your sensor with IDS Informer? Thanks, Holger -- Holger Mense
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Testing Snort with Blade IDS Informer Holger Mense (Apr 27)
- Re: Testing Snort with Blade IDS Informer Paul Schmehl (Apr 27)
- Re: Testing Snort with Blade IDS Informer Holger Mense (Apr 27)
- Re: Testing Snort with Blade IDS Informer Holger Mense (Apr 27)
- Re: Testing Snort with Blade IDS Informer Paul Schmehl (Apr 27)