[Snort-users] How to Triggering Windows Exploits?

ids at ...8382... ids at ...8382...
Tue May 25 12:47:10 EDT 2004


Hi everyone-


I have a simple question. Is it true that some Snort alerts are only triggered if the target computer is vulnerable to that attack? To be a little more specific... if an attacks targets an exploit in Windows 2000 and I only have Linux running in my network will Snort alert me to those Windows attacks? The reason I ask is because I have a Snort sensor detecting detecting attacks against a Linux box running Apache. I noticed that the only attacks I detect are SQL, HTTP and Linux related. About a week ago for a brief time an associate put a Windows 2k box off of the hub and I started to get hit with these Alerts I had never seen before (MS Exploits). I want to capture more data on the amount of exploits attacks on Windows and was wondering for me to gather that data would I have to have a Windows computer on the network Snort is sensing? Thanks in advance!


Alan     





More information about the Snort-users mailing list