Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] DOS attacks

from [Bob Konigsberg] Network Security [Permanent Link]
Subject: Re: [Snort-users] DOS attacks
Date: Thu, 13 Mar 2008 06:31:13 -0800 
That's not quite true - there are some vulnerabilities (Classified as DOS)
that Nessus can run which will bring down servers.  However, they're usually
clearly labeled, and can be turned off as a group.
 
I've also seen Snort alerts which thought I was being attacked when running
Nessus scans.
 
Bob

  _____  

From: snort-users-bounces@lists.sourceforge.net
[mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of Lurene A
Grenier
Sent: Thursday, March 13, 2008 6:26 AM
To: 'Kamran Shafi'; snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] DOS attacks



Nessus doesn't actually exploit any vulnerabilities; it only checks banners
and parses out the versions to determine if it thinks you're vulnerable to
something.   As such, it's not doing anything actually malicious and its
activity shouldn't be detected in most cases.

 

Snort rules will generally only detect actual attacks as they focus on
detecting triggering conditions necessary to actually exploiting the
vulnerability in question.

 

_________________________

Lurene A Grenier, 

Analyst Team Lead

Senior Research Engineer

 

Office: (410) 423-1918

Mobile: (703) 839-3898

                 ,,_

SourceFire Inc. o"  )~

                 ''''

 

From: snort-users-bounces@lists.sourceforge.net
[mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of Kamran Shafi
Sent: Thursday, March 13, 2008 2:43 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] DOS attacks

 

P.S.

Is there a specific preprocessor to handle DOS attacks in Snort or it is
only done through the Snort rules? In specific, I couldn't find any rules
for flooding DOS attacks and the classical DOS attacks like land and
teardrop. Do I have to write my own rules to cater for these types of
attacks?

 

Further, I am conducting a full Nessus scan but Snort is only reporting very
few alerts (20 odd). Is it normal? 

-- 
Regards
Kam


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] DOS attacks, Lurene A Grenier
Next by Date:  Re: [Snort-users] DOS attacks, Zakai Kinan
Previous by Thread:  Re: [Snort-users] DOS attacks, Lurene A Grenier
Next by Thread:  Re: [Snort-users] DOS attacks, Zakai Kinan
Indexes:  [Date] [Thread] [Top] [All Lists]