[Snort-openappid] IDS detection

Costas Kleopa (ckleopa) ckleopa at ...5...
Thu May 28 11:14:01 EDT 2015


This email list is for the application detection component for snort.
You will have to resend this request to a different IPS related snort-list.

On May 28, 2015, at 7:08 AM, Firat Cemali <FiratC at ...87...> wrote:

Hello,

I am a young student who likes security in IT and I often test new tools. I have tested Snort with a pfSense firewall to see if Snort can detect some attacks from a Kali Linux machine. It can detect many attacks but I am encountering some difficulties with 3 special attacks, which are:
- Trojan: I can’t detect when a Trojan is injected into a LAN machine but can detect that a DLL is executed and a connection is made (Trojan, backdoor, all the malware and virus rules enabled from the LAN and WAN)
- Man in the middle attack: I have not found any solution for this type of attack (no rules…)
- Phishing attack: like the previous attack, no solution (phishing rules enabled from the LAN and WAN)

For the detection, I did it with the graphical option.

I have done some research but I haven’t found anything interesting.

Can you tell me if these 3 attacks are detectable or not, and which package to enable or configuration to do, please?

Thank you

Firat Cemali
------------------------------------------------------------------------------
_______________________________________________
Snort-openappid mailing list
Snort-openappid at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-openappid

Please visit http://blog.snort.org to stay current on all the latest Snort news!
