[Snort-users] RE: BO pre-processor
larosa_vjay at ...3331...
Tue Jun 18 11:08:16 EDT 2002
I believe I might understand why I don't see any events with snort, the BO
explanation in the snort.conf does state
Back Orrifice (not BO2K). So if snort does not detect BO2K does anybody out
there know of a way to identify this
traffic on the network? Thanks!
> -----Original Message-----
> From: larosa, vjay
> Sent: Tuesday, June 18, 2002 1:56 PM
> To: 'snort-users at lists.sourceforge.net'
> Subject: BO pre-processor
> Has anybody done any work with the Back Orrifice 2000 Pre-Processor? I
> have been testing in my lab and snort appears to be missing
> all of the BO traffic. I have tried with and with out the -nobrute option.
> I am not that familiar with BO, but I am remote controlling the
> PC so I would expect to see some sort of alert from snort right? Thanks!
More information about the Snort-users