[Snort-users] Testing Snort with Blade IDS Informer
holger at ...13256...
Wed Apr 27 11:09:47 EDT 2005
* Paul Schmehl <pauls at ...6838...>:
> >However, I was a bit disappointed about the results. Besides the back
> >orifice and the two portscan attempts, my sensor didn't detect anything
> >else of the remaining 7 attacks provided by IDS Informer.
> >In detail it didn't detect
> > - TCP DNS Zone Transfer
> I get these routinely. Something has to be wrong with your config. I'm
> also running snort 2.3.2.
I get routinely UPD DNS Zone Transfers.
> > - Smurf DOS attempt
> > - finger search
> > - IIS Unicode Traps
> > - IIS htr Buffer Overflow
> > - rpc.statd exploit
> > - traceroute attempt
> All of these have trigged from time to time on our network. Something is
> wrong with the config you're using.
I am not sure about this. Unfortunatley my network isn't large enough so that
it gets attacked regulary.
Have you tested your sensor with IDS Informer?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Digital signature
More information about the Snort-users