Snort detector

Printable View

January 16th, 2004, 11:16 PM
Critter

Snort detector

I saw something show up in my snort logs the other day. It was labeled as snort detector but didn't have any futher details about it. I am guessing it is some type of snort sniffer. Has anyone seen this? Do you know what someone might be using to cause this to show up? I am curious about this and would like to find out a little more about it.

Critter
January 17th, 2004, 12:34 AM
slarty

Each alert will have a msg from one of the rules files which caused it, so simply look it up (grep the rules files) and look at the comments to see what it says.

Most rules also have a reference which is a web page or other resource which describes the type of traffic the rule is targetting. You can look there.

If you still don't know, stick the snort rule msg into google (or newgroups) and see what other people have posted about it

Slarty
January 17th, 2004, 02:36 AM
Critter

here is a little capture from the snort ids logs.

Date: 01/16 07:03:42
Name: (snort_decoder): T/TCP Detected
Priority: n/a
Type: n/a
IP info: 195.67.18.2:0 -> 68.61.13.128:0
References: none found SID: n/a

Notice no SID reference. I have nothing more to look at?
January 17th, 2004, 02:57 AM
Critter

Date: 01/14 20:24:14
Name: (snort_decoder): Tcp Options found with bad lengths
Priority: n/a
Type: n/a
IP info: 66.76.62.35:0 -> 68.61.13.128:0
References: none found SID: n/a

Here is another one
January 17th, 2004, 03:28 AM
Gulducat

Here is a link that should help

http://archives.neohapsis.com/archiv...3-05/0237.html
January 17th, 2004, 04:53 AM
asmir3912

if u have problems with that you should download this program to help u check for snort detectors.....

you should go on www.downloads.com and search for snort detectors.....

there is program that u need for that
txzzzz.....if u have any questions pm me.....peace out

All times are GMT +1. The time now is 02:16 AM.