[Snort-users] Testing Snort with Blade IDS Informer

Paul Schmehl pauls at ...6838...
Wed Apr 27 10:59:37 EDT 2005


--On Wednesday, April 27, 2005 07:47:53 PM +0200 Holger Mense 
<holger at ...13256...> wrote:
>
> However, I was a bit disappointed about the results. Besides the back
> orifice and the two portscan attempts, my sensor didn't detect anything
> else of the remaining 7 attacks provided by IDS Informer.
>
> In detail it didn't detect
>  - TCP DNS Zone Transfer

I get these routinely.  Something has to be wrong with your config.  I'm 
also running snort 2.3.2.

>  - Smurf DOS attempt
>  - finger search
>  - IIS Unicode Traps
>  - IIS htr Buffer Overflow
>  - rpc.statd exploit
>  - traceroute attempt
>
All of these have triggered from time to time on our network.  Something is 
wrong with the config you're using.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu



