[Snort-users] Testing Snort with Blade IDS Informer
holger at ...13256...
Wed Apr 27 13:41:48 EDT 2005
I did some further research.
* Holger Mense <holger at ...13256...>:
> Now I have recently tested my snort sensor (using snort 2.3.2 and latest snort
> rules) with Blade Softwares IDS Informer demo version.
> However, I was a bit disappointed about the results. Besides the back orifice
> and the two portscan attempts, my sensor didn't detect anything else of the
> remaining 7 attacks provided by IDS Informer.
> In detail it didn't detect
> - TCP DNS Zone Transfer
As stated in another email in this thread, I am able to see UDP DNS Zone
Transfer alerts from real DNS servers.
> - IIS htr Buffer Overflow
After editing the rule "WEB-IIS ism.dll attempt" and changing 'uricontent:"
.htr"' in 'uricontent:".htr"' I am able to see this attack.
> - traceroute attempt
I have just checked my logs. I have already "ICMP traceroute" alerts in my
logs. However my sensor does not detect the one from IDS Informer.
So is any one here, who uses IDS Informer for testing his sensor? Is this
person using the basic snort rule set (current version)?
Thank you for your answers,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Digital signature
More information about the Snort-users