[Snort-openappid] IDS detection

Firat Cemali FiratC at ...87...
Thu May 28 07:08:31 EDT 2015


I am a young student who likes security in IT and I often test new tools. I have tested Snort with a pfSense firewall to see if Snort can detect some attacks from a Kali Linux machine. It can detect many attacks but I am encountering some difficulties with 3 special attacks, which are:

- Trojan: I can't detect when a Trojan is injected into a LAN machine but can detect that a DLL is executed and a connection is made (Trojan, backdoor, all the malware and virus rules enabled from the LAN and WAN)

- Man in the middle attack: I have found no solutions for this type of attack (no rules...)

- Phishing attack: like the previous attack, no solutions (phishing rules enabled from the LAN and WAN)

For the detection, I have done it with the graphical option.

I have done some research but I haven't found anything interesting.

Can you tell me if these 3 attacks are detectable or not, and which package to enable or configuration to do, please?

Thank you

Firat Cemali