-
Snort detector
I saw something show up in my snort logs the other day. It was labeled as snort detector but didn't have any further details about it. I am guessing it is some type of snort sniffer. Has anyone seen this? Do you know what someone might be using to cause this to show up? I am curious about this and would like to find out a little more about it.
Critter
-
Each alert will have a msg from one of the rules files which caused it, so simply look it up (grep the rules files) and look at the comments to see what it says.
Most rules also have a reference which is a web page or other resource which describes the type of traffic the rule is targeting. You can look there.
If you still don't know, stick the snort rule msg into Google (or newsgroups) and see what other people have posted about it.
Slarty
-
Here is a little capture from the snort ids logs.
Date: 01/16 07:03:42
Name: (snort_decoder): T/TCP Detected
Priority: n/a
Type: n/a
IP info: 195.67.18.2:0 -> 68.61.13.128:0
References: none found SID: n/a
Notice no SID reference. I have nothing more to look at?
-
Date: 01/14 20:24:14
Name: (snort_decoder): Tcp Options found with bad lengths
Priority: n/a
Type: n/a
IP info: 66.76.62.35:0 -> 68.61.13.128:0
References: none found SID: n/a
Here is another one.
-
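The lookup Slarty describes (find the rule whose msg matches the alert name, then read its sid and reference), as an added example that is not from any poster in this thread. The rules below are constructed samples, and reading a leading "(snort_decoder):" as the name of a built-in Snort component rather than part of a rule msg is an assumption; for names like the two quoted above no rule msg matches, so the function reports that component instead.

```python
import re

# Constructed rules in Snort 2.x syntax; messages, SIDs and URLs are made up.
SAMPLE_RULES = r'''
# local.rules (constructed sample)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE web probe; test"; content:"/probe"; nocase; reference:url,example.com/probe; sid:1000001; rev:2;)
alert icmp any any -> $HOME_NET any (msg:"EXAMPLE ping sweep"; itype:8; reference:url,example.com/a; reference:url,example.com/b; sid:1000002; rev:1;)
'''

# key:value; pairs, keeping quoted strings (which may contain ';') intact.
OPTION = re.compile(r'(\w+)\s*:\s*((?:"(?:\\.|[^"\\])*"|\\.|[^;"\\])*);')

def parse_rules(text):
    """Return one dict per rule: msg, sid, rev and all reference options."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#') or '(' not in line:
            continue
        body = line[line.index('(') + 1:line.rindex(')')]
        rule = {'msg': None, 'sid': None, 'rev': None, 'references': []}
        for key, value in OPTION.findall(body):
            value = value.strip()
            if key == 'reference':
                rule['references'].append(value)
            elif key in rule:
                rule[key] = value.strip('"')
        rules.append(rule)
    return rules

def lookup(alert_name, rules):
    """Explain where an alert name from the log came from."""
    hits = [r for r in rules if r['msg'] == alert_name]
    if hits:
        return {'source': 'rule', 'matches': hits}
    # Assumption: a leading "(name):" is the built-in component that raised it.
    m = re.match(r'\((\w+)\):?\s*(.*)', alert_name)
    if m:
        return {'source': 'component', 'component': m.group(1), 'event': m.group(2)}
    return {'source': 'unknown'}

if __name__ == '__main__':
    rules = parse_rules(SAMPLE_RULES)
    for name in ('EXAMPLE ping sweep', '(snort_decoder): T/TCP Detected'):
        print(name, '->', lookup(name, rules))
```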
-
If you have problems with that, you should download this program to help you check for snort detectors.
You should go on www.downloads.com and search for snort detectors.
There is a program that you need for that.
Thanks. If you have any questions, PM me. Peace out.