[Snort-users] RE: BO pre-processor

larosa, vjay larosa_vjay at ...3331...
Tue Jun 18 11:08:16 EDT 2002


I believe I might understand why I don't see any events with snort, the BO
explanation in the snort.conf does state
Back Orrifice (not BO2K). So if snort does not detect BO2K does anybody out
there know of a way to identify this
traffic on the network? Thanks!

vjl

>  -----Original Message-----
> From: 	larosa, vjay  
> Sent:	Tuesday, June 18, 2002 1:56 PM
> To:	'snort-users at lists.sourceforge.net'
> Subject:	BO pre-processor
> 
> Hello,
> 
> Has anybody done any work with the Back Orrifice 2000 Pre-Processor? I
> have been testing in my lab and snort appears to be missing
> all of the BO traffic. I have tried with and with out the -nobrute option.
> I am not that familiar with BO, but I am remote controlling the
> PC so I would expect to see some sort of alert from snort right? Thanks!
> 
> vjl




More information about the Snort-users mailing list