[Snort-users] Snort 3.0 is not detecting shell code attacks

Russ Combs (rucombs) rucombs at cisco.com
Sun Jun 16 21:26:03 EDT 2019


Please send pcap, rules, config so we can help you out.

On 6/16/19, 7:39 PM, "Snort-users on behalf of João Pedro via Snort-users"
<snort-users-bounces at lists.snort.org on behalf of
snort-users at lists.snort.org> wrote:

>I'm testing snort 3.0 with Community rules.
>Besides triggering alerts from port scans, it is not detecting Buffer
>Overflow attacks (.i.e. made with Metasploit).
>Is there a problem with the current rules in Snort 3.0? Should I
>activate/config something else?
>
>Ps: I'm testing Snort from .pcap files
>
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.snort.org
>Go to this URL to change user options or unsubscribe:
>https://lists.snort.org/mailman/listinfo/snort-users
>
>	To unsubscribe, send an email to:
>	snort-users-leave at lists.snort.org
>
>Please visit http://blog.snort.org to stay current on all the latest
>Snort news!
>
>Please follow these rules:
>https://snort.org/faq/what-is-the-mailing-list-etiquette



More information about the Snort-users mailing list