Network Security: Detailed info on Re: [Snort-users] Testing Snort with Blade IDS Informer

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Snort-Users

[Top] [All Lists]

Re: [Snort-users] Testing Snort with Blade IDS Informer

from [Holger Mense] Network Security

[Permanent Link]

Subject:	Re: [Snort-users] Testing Snort with Blade IDS Informer
Date:	Wed, 27 Apr 2005 20:07:18 +0200

* Paul Schmehl <pauls@utdallas.edu>:

However, I was a bit disappointed about the results. Besides the back
orifice  and the two portscan attempts, my sensor didn't detect anything
else of the  remaining 7 attacks provided by IDS Informer.

In detail it didn't detect
- TCP DNS Zone Transfer


I get these routinely.  Something has to be wrong with your config.  I'm 
also running snort 2.3.2.


I get routinely UPD DNS Zone Transfers.

- Smurf DOS attempt
- finger search
- IIS Unicode Traps
- IIS htr Buffer Overflow
- rpc.statd exploit
- traceroute attempt

All of these have trigged from time to time on our network.  Something is 
wrong with the config you're using.


I am not sure about this. Unfortunatley my network isn't large enough so that 
it gets attacked regulary.

Have you tested your sensor with IDS Informer? 

Thanks,
Holger

-- 
Holger Mense

signature.asc
Description: Digital signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] Testing Snort with Blade IDS Informer, Holger Mense Re: [Snort-users] Testing Snort with Blade IDS Informer, Paul Schmehl Re: [Snort-users] Testing Snort with Blade IDS Informer, Holger Mense <= Re: [Snort-users] Testing Snort with Blade IDS Informer, Holger Mense

Previous by Date:	Re: [Snort-users] Testing Snort with Blade IDS Informer, Paul Schmehl
Next by Date:	Re: [Snort-users] Rogue system detection, Skip Carter
Previous by Thread:	Re: [Snort-users] Testing Snort with Blade IDS Informer, Paul Schmehl
Next by Thread:	Re: [Snort-users] Testing Snort with Blade IDS Informer, Holger Mense
Indexes:	[Date] [Thread] [Top] [All Lists]