[Snort-openappid] IDS detection
FiratC at ...87...
Thu May 28 07:08:31 EDT 2015
I am a young student who likes IT security, and I often test new tools. I have tested Snort with a pfSense firewall to see if Snort can detect some attacks from a Kali Linux machine. It can detect many attacks, but I am encountering some difficulties with 3 special attacks, which are:
- Trojan: I can't detect when a Trojan is injected into a LAN machine, but I can detect that a DLL is executed and a connection is made (Trojan, backdoor, and all the malware and virus rules enabled from the LAN and WAN)
- Man-in-the-middle attack: I haven't found any solution for this type of attack (no rules...)
- Phishing attack: like the previous attack, no solution (phishing rules enabled from the LAN and WAN)
For the detection, I have done it with the graphical option.
I have done some research, but I haven't found anything interesting.
Can you tell me if these 3 attacks are detectable or not, and which package to enable or configuration to make, please?