[Snort-users] Need help - TCP Stream5

Joel Esler joel.esler at ...14399...
Thu Apr 8 09:31:43 EDT 2010


Is there a college class going on right now somewhere in the world that the professor is suggesting that you guys use Snot to generate alerts?  This is the fourth Snot-related email in about a week.

--
Sent from my iPad
AIM: eslerjoel

On Apr 8, 2010, at 3:59 AM, Parag Pote <pipsparag at ...131...> wrote:

> Hi All,
> 
> I configured the latest version of Snort on a Linux PC and was able to get it running. When I send a UDP, ICMP attack, it gets detected. I use the snot tool for this. But TCP attacks are not getting detected. I think it is due to the stateful nature of the stream5 preprocessor. So I created a TCP connection using a stream socket and sent attack data (which I understood after sending a TCP attack packet using snot).
> 
> So now it establishes the TCP connection and then sends malicious data. But I still cannot see any attacks logged in the /var/log/snort/alert file. Somebody suggested using hping with a data file which contains malicious data. I tried, but no luck.
> 
> Here I have attached snort.conf for reference. Can somebody help me out?
> 
> Rgds,
> Parag
> 
> 
> <snort.conf>



