Snort mailing list archives
Re: Need help - TCP Stream5
From: Joel Esler <joel.esler () me com>
Date: Thu, 08 Apr 2010 09:31:43 -0400
Is there a college class going on right now somewhere in the world that the professor is suggesting that you guys use Snot to generate alerts? This is the fourth Snot-related email in about a week.

--
Sent from my iPad
AIM: eslerjoel

On Apr 8, 2010, at 3:59 AM, Parag Pote <pipsparag () yahoo com> wrote:

> Hi All,
>
> I configured the latest version of snort on a Linux PC and was able to get it running. When I send UDP, ICMP attacks, they are getting detected. I use the snot tool for this. But TCP attacks are not getting detected. I think it is due to the stateful nature of the stream5 preprocessor. So I created a TCP connection using a stream socket and sent attack data (which I understood after sending a TCP attack packet using snot). So now it establishes the TCP connection and then sends malicious data. But still I cannot see any attacks logged in the /var/log/snort/alert file. Somebody suggested using hping with a data file which contains malicious data. Tried but no luck. Here I have attached snort.conf for reference. Can somebody help me out?
>
> Rgds,
> Parag
>
> <snort.conf>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Need help - TCP Stream5 Parag Pote (Apr 08)
- Re: Need help - TCP Stream5 Matt Olney (Apr 08)
- Re: Need help - TCP Stream5 Matt Olney (Apr 08)
- Re: Need help - TCP Stream5 Joel Esler (Apr 08)
- Re: Need help - TCP Stream5 Matt Olney (Apr 08)