Network Security Focus-IDS

Re: Snort 2.8.0.1 and No TCP Alerts.

Subject: Re: Snort 2.8.0.1 and No TCP Alerts.
Date: Mon, 21 Jan 2008 15:55:56 +0000
On Sat, Jan 19, 2008 at 04:01:17PM +0100, Stefano Zanero wrote:
> lkgh04@gmail.com wrote:
>> I set up Snort 2.8.0.1 on Debian 4.0. Everything seems fine except it
>> doesn't fire any TCP alerts. It sees all ICMP traffic and logs
>> all alerts but none of the TCP alerts. I used IDSWakeup to test these
>> rules and none of the alerts are firing. In the Snort forum, there was one
>> thread related to this type of trouble with the 2.6 version. I tested
>> with the -k none option and it didn't help me out.
>
> IDSWakeup is stateless. Snort 2.8 probably ignores the out-of-state
> packets it is producing.
>
> Stefano


Ftester on the other hand is stateful:

http://dev.inversepath.com/trac/ftester

but it's kinda old-fashioned now, it's waiting for a decent rewrite. The
concept is still valid though.

Cheers




-- 
Andrea Barisani                             Inverse Path Ltd
Chief Security Engineer                     -----> <--------

<andrea@inversepath.com>          http://www.inversepath.com
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
       "Pluralitas non est ponenda sine necessitate"
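
The stateless-versus-stateful distinction discussed in this thread, as an added example that is not part of the original messages and is not Snort's or Ftester's code: a toy flow tracker that hands a payload to the rules only after a complete three-way handshake. The addresses, ports, payload and all names are constructed for illustration.

```python
# Toy model (constructed for this example) of a stateful sensor: payload rules
# run only on flows that completed a TCP three-way handshake.
SYN, ACK, PSH = 0x02, 0x10, 0x08

class FlowTracker:
    def __init__(self):
        self.flows = {}  # unordered endpoint pair -> (state, initiator)

    def inspect(self, src, dst, flags, payload=b""):
        """Return True if this packet's payload would be handed to the rules."""
        key = tuple(sorted((src, dst)))
        state = self.flows.get(key)
        if flags & SYN and not flags & ACK:           # client SYN opens a flow
            self.flows[key] = ("SYN_SENT", src)
            return False
        if flags & SYN and flags & ACK:               # SYN-ACK must answer a SYN
            if state == ("SYN_SENT", dst):
                self.flows[key] = ("SYN_RCVD", dst)
            return False
        if flags & ACK and state is not None:
            if state == ("SYN_RCVD", src):            # final ACK of the handshake
                state = self.flows[key] = ("ESTABLISHED", src)
            if state[0] == "ESTABLISHED":
                return bool(payload)
        return False  # out-of-state packet: no session, payload never inspected

def replay(packets):
    """Feed packets to a fresh tracker; one inspected/ignored flag per packet."""
    tracker = FlowTracker()
    return [tracker.inspect(*p) for p in packets]

# Constructed sample traffic: same test payload, sent two different ways.
C, S = ("10.0.0.5", 40000), ("10.0.0.9", 80)
ATTACK = b"GET /constructed-test-string HTTP/1.0\r\n\r\n"
STATELESS = [(C, S, PSH | ACK, ATTACK)]               # lone data segment
STATEFUL = [(C, S, SYN), (S, C, SYN | ACK), (C, S, ACK),
            (C, S, PSH | ACK, ATTACK)]                # handshake, then data

if __name__ == "__main__":
    print("stateless tool:", replay(STATELESS))
    print("stateful tool: ", replay(STATEFUL))
```

The lone data segment is never inspected, which matches the symptom in the thread: ICMP tests alert, TCP tests from a stateless generator do not.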
