[Snort-users] Testing Snort with Blade IDS Informer
pauls at ...6838...
Wed Apr 27 10:59:37 EDT 2005
--On Wednesday, April 27, 2005 07:47:53 PM +0200 Holger Mense
<holger at ...13256...> wrote:
> However, I was a bit disappointed about the results. Besides the back
> orifice and the two portscan attempts, my sensor didn't detect anything
> else of the remaining 7 attacks provided by IDS Informer.
> In detail it didn't detect
> - TCP DNS Zone Transfer
I get these routinely. Something has to be wrong with your config. I'm
also running snort 2.3.2.
> - Smurf DOS attempt
> - finger search
> - IIS Unicode Traps
> - IIS htr Buffer Overflow
> - rpc.statd exploit
> - traceroute attempt
All of these have trigged from time to time on our network. Something is
wrong with the config you're using.
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
More information about the Snort-users