[Snort-users] Trojans and snort

Joel Esler (jesler) jesler at ...589...
Mon Apr 21 16:48:02 EDT 2014


~~Please keep traffic on list~~

You are trying to sniff traffic to yourself.  So technically, yes, that alert is correct :)

You may want to try attacking from a different box, so the traffic crosses the network.




On Apr 21, 2014, at 3:22 PM, stephanie sokhn <sokhnstephanie at ...125...> wrote:

Yes, it was just a test for snort alerts.

--- Original Message ---

From: "Joel Esler (jesler)" <jesler at ...589...>
Sent: April 21, 2014 9:51 PM
To: "stephanie sokhn" <sokhnstephanie at ...125...>
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Trojans and snort

Are you running the exploit against the machine you are trying to infect?  (i.e. the same box?)


On Apr 21, 2014, at 10:28 AM, stephanie sokhn <sokhnstephanie at ...125...> wrote:

Hello,
I've downloaded a trojan on Ubuntu 12.04 and accessed its shell from BackTrack using Metasploit. The thing is that all the alerts received from Snort were about BAD-TRAFFIC loopback traffic and nothing more. Is there something wrong with my configuration? Shouldn't Snort detect this kind of exploit?
Are there any additional predefined rules for Snort IPS that drop packets?

Would appreciate any kind of help.
