[Snort-users] Need help - TCP Stream5
pipsparag at ...131...
Thu Apr 8 03:59:22 EDT 2010
I configured snort latest version on a linux PC and able to get it running. When I send UDP,ICMP attack, it is getting detected. I use snot tool for this. But TCP are not getting detected. I think it is due to stateful nature of stream5 proprocessor. So I created a TCP connection using stream socket and send attack data (which I understood after sending TCP attack packet using snot).
So now it establishes the TCP connection and then send malicious data. But still I can not see any attacks logged in /var/log/snort/alert file. Somebody suggested use hping with data file which contains malicious data. Tried but no luck.
Here I have attached snort.conf for reference. Can somebody help me out?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 33523 bytes
Desc: not available
More information about the Snort-users