[Snort-users] Need help - TCP Stream5

Parag Pote pipsparag at ...131...
Thu Apr 8 03:59:22 EDT 2010


Hi All,

I configured the latest version of Snort on a Linux PC and was able to get it running. When I send UDP, ICMP attacks, they are detected. I use the snot tool for this. But TCP attacks are not getting detected. I think it is due to the stateful nature of the stream5 preprocessor. So I created a TCP connection using a stream socket and sent attack data (which I understood after sending a TCP attack packet using snot).

So now it establishes the TCP connection and then sends malicious data. But still I cannot see any attacks logged in the /var/log/snort/alert file. Somebody suggested using hping with a data file which contains malicious data. I tried, but no luck.

Here I have attached snort.conf for reference. Can somebody help me out?

Rgds,
Parag


      
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.conf
Type: application/octet-stream
Size: 33523 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100408/2af1a5f8/attachment.obj>

