Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Testing Snort with Blade IDS Informer

from [Holger Mense] Network Security [Permanent Link]
Subject: Re: [Snort-users] Testing Snort with Blade IDS Informer
Date: Wed, 27 Apr 2005 22:39:54 +0200 
Hello,

I did some further research.

* Holger Mense <holger@project2501.de>:


Now I have recently tested my snort sensor (using snort 2.3.2 and latest 
snort 
rules) with Blade Softwares IDS Informer demo version.

However, I was a bit disappointed about the results. Besides the back orifice 
and the two portscan attempts, my sensor didn't detect anything else of the 
remaining 7 attacks provided by IDS Informer.

In detail it didn't detect
 - TCP DNS Zone Transfer

As stated in another email in this thread, I am able to see UDP DNS Zone 
Transfer alerts from real DNS servers.


 - IIS htr Buffer Overflow

After editing the rule "WEB-IIS ism.dll attempt" and changing 'uricontent:" 
.htr"' in 'uricontent:".htr"' I am able to see this attack.


 - traceroute attempt

I have just checked my logs. I have already "ICMP traceroute" alerts in my 
logs. However my sensor does not detect the one from IDS Informer.

So is any one here, who uses IDS Informer for testing his sensor? Is this 
person using the basic snort rule set (current version)? 

Thank you for your answers,
Holger

-- 
Holger Mense

Attachment: signature.asc
Description: Digital signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Rogue system detection, Skip Carter
Next by Date:  Re: [Snort-users] snort 2.3.3 --enable-flexresp, hans
Previous by Thread:  Re: [Snort-users] Testing Snort with Blade IDS Informer, Holger Mense
Next by Thread:  [Snort-users] Snort 2.3.3 and mysql logging, Adam Kennedy
Indexes:  [Date] [Thread] [Top] [All Lists]