[Snort-users] Snort 3.0 is not detecting shell code attacks
Russ Combs (rucombs)
rucombs at cisco.com
Sun Jun 16 21:26:03 EDT 2019
Please send pcap, rules, config so we can help you out.
On 6/16/19, 7:39 PM, "Snort-users on behalf of João Pedro via Snort-users"
<snort-users-bounces at lists.snort.org on behalf of
snort-users at lists.snort.org> wrote:
>I'm testing snort 3.0 with Community rules.
>Besides triggering alerts from port scans, it is not detecting Buffer
>Overflow attacks (.i.e. made with Metasploit).
>Is there a problem with the current rules in Snort 3.0? Should I
>activate/config something else?
>Ps: I'm testing Snort from .pcap files
>Snort-users mailing list
>Snort-users at lists.snort.org
>Go to this URL to change user options or unsubscribe:
> To unsubscribe, send an email to:
> snort-users-leave at lists.snort.org
>Please visit http://blog.snort.org to stay current on all the latest
>Please follow these rules:
More information about the Snort-users