[Snort-users] Testing Snort with Blade IDS Informer

Holger Mense holger at ...13256...
Wed Apr 27 11:09:47 EDT 2005


* Paul Schmehl <pauls at ...6838...>:

> >However, I was a bit disappointed about the results. Besides the back
> >orifice and the two portscan attempts, my sensor didn't detect anything
> >else of the remaining 7 attacks provided by IDS Informer.
> >
> >In detail it didn't detect
> > - TCP DNS Zone Transfer
> 
> I get these routinely.  Something has to be wrong with your config.  I'm 
> also running snort 2.3.2.

I routinely get UDP DNS Zone Transfers.

> > - Smurf DOS attempt
> > - finger search
> > - IIS Unicode Traps
> > - IIS htr Buffer Overflow
> > - rpc.statd exploit
> > - traceroute attempt
> >
> All of these have triggered from time to time on our network.  Something is 
> wrong with the config you're using.

I am not sure about this. Unfortunately my network isn't large enough so that 
it gets attacked regularly.

Have you tested your sensor with IDS Informer? 

Thanks,
Holger

-- 
Holger Mense