[Snort-users] How to Triggering Windows Exploits?

Joshua Berry jberry at ...11848...
Tue May 25 13:41:12 EDT 2004

Snort will not verify OS or Services running on the target machine
unless you patch it with something like the Attack Verification patch
that uses Nessus to verify actual vulnerabilities of the target.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
ids at ...8382...
Sent: Tuesday, May 25, 2004 2:46 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] How to Triggering Windows Exploits?

Hi everyone-

I have a simple question. Is it true that some Snort alerts are only
triggered if the target computer is vulnerable to that attack? To be a
little more specific... if an attacks targets an exploit in Windows 2000
and I only have Linux running in my network will Snort alert me to those
Windows attacks? The reason I ask is because I have a Snort sensor
detecting detecting attacks against a Linux box running Apache. I
noticed that the only attacks I detect are SQL, HTTP and Linux related.
About a week ago for a brief time an associate put a Windows 2k box off
of the hub and I started to get hit with these Alerts I had never seen
before (MS Exploits). I want to capture more data on the amount of
exploits attacks on Windows and was wondering for me to gather that data
would I have to have a Windows computer on the network Snort is sensing?
Thanks in advance!


This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.

Take an Oracle 10g class now, and we'll give you the exam FREE.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list