[Snort-users] run sneeze

Eric Hines eric.hines at ...8860...
Tue Aug 8 08:59:21 EDT 2006


You will also need to disable stream4 in order to get it to generate the
alerts. It does not of course create a three-way handshake and TCP
sessions that Snort will then detect on.

There is a product called IDS Informer (Blade Software). Using (2) NICs,
it establishes the three-way handshakes, etc. prior to the attack.

Best Regards,

Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC


Joel Esler wrote:
> Thanks. :)
> 
> I was mistaken when I said I had never heard of Sneeze.  For some reason I was not awake.  Of course I have heard of sneeze, however, I don't think it will do you much good.
> 
> J
> 
> On Tue, Aug 08, 2006 at 09:52:42AM +0200, Jesús Gálvez apparently sent me:
>>    Yes, I installed the Perl module and now sneeze works (now I don't
>>    have permissions, but this is another story :P).
>>    "I've never heard of sneeze before, does it establish full session
>>    attacks?"
>>    Sneeze just takes the protocol and string of the rules that you
>>    indicate and generates the alert.
>>    Joel Esler <joel.esler at ...1935...> wrote:
>>
>>      Looks like you don't have the RawIP Perl Module installed for perl.
>>      You should be able to install this through cpan.
>>      I've never heard of sneeze before, does it establish full session
>>      attacks?
>>      J
> 
> +---------------------------------------------------------------------+
> Joel Esler          Senior Security Consultant         1-706-627-2101
> Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
>        Snort - Open Source Network IPS/IDS -- http://www.snort.org
>          GPG Key: http://demo.sourcefire.com/jesler.pgp.key
>            AIM:eslerjoel  YMSG:eslerjoel Gtalk:eslerj
> +---------------------------------------------------------------------+
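
The point made in the message above, as an added example that is not part of the original thread and is not Snort's stream4 code: a simplified session tracker that marks each payload-carrying packet as belonging to an established TCP session or not. It assumes a sensor that only inspects data on flows where it saw SYN, SYN/ACK, ACK first; the packets, addresses and names below are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample packets. Flags: S=SYN, A=ACK, P=PSH.
Pkt = namedtuple("Pkt", "src sport dst dport flags payload")

def flow_key(p):
    """Direction-independent key for one TCP conversation."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def classify(packets):
    """Return a (packet, verdict) pair for every packet that carries data.

    Verdict is 'established' when the SYN, SYN/ACK, ACK exchange was seen
    on that flow beforehand, otherwise 'no-session'.
    """
    state = {}      # flow key -> (handshake stage, client endpoint)
    verdicts = []
    for p in packets:
        key = flow_key(p)
        stage, client = state.get(key, ("none", None))
        sender = (p.src, p.sport)
        if p.flags == "S" and stage == "none":
            state[key] = ("syn", sender)
        elif p.flags == "SA" and stage == "syn" and sender != client:
            state[key] = ("synack", client)
        elif p.flags == "A" and stage == "synack" and sender == client:
            state[key] = ("established", client)
        if p.payload:
            stage = state.get(key, ("none", None))[0]
            ok = stage == "established"
            verdicts.append((p, "established" if ok else "no-session"))
    return verdicts

SAMPLE = [
    # Flow 1: full three-way handshake, then data.
    Pkt("10.0.0.5", 40000, "10.0.0.9", 80, "S", b""),
    Pkt("10.0.0.9", 80, "10.0.0.5", 40000, "SA", b""),
    Pkt("10.0.0.5", 40000, "10.0.0.9", 80, "A", b""),
    Pkt("10.0.0.5", 40000, "10.0.0.9", 80, "PA", b"GET /test HTTP/1.0\r\n"),
    # Flow 2: a lone data packet with no handshake before it, which is
    # what a stateless rule-driven test generator puts on the wire.
    Pkt("10.0.0.6", 40001, "10.0.0.9", 80, "PA", b"GET /test HTTP/1.0\r\n"),
]

if __name__ == "__main__":
    for pkt, verdict in classify(SAMPLE):
        print(pkt.src, pkt.sport, verdict)
```

Both data packets carry the same payload; only the first belongs to a session the tracker saw being set up.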