[Snort-users] Tcp session hijacking

Meysam Farazmand farazmand.meisam at ...11827...
Sun Aug 17 05:37:51 EDT 2014


Hi all,

I used "check_session_hijacking" in stream5 preprocessor for session
hijacking attacks detection and launched a mitm attack. But snort did not
detect it. I also checked preprocessor rules for detecting this type of
attack and there was some rules in my ruleset.

Does anyone know how to configure snort to detect session hijacking and
mitm attacks?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140817/2b2cd4d0/attachment.html>


More information about the Snort-users mailing list