-
January 16th, 2004, 11:16 PM
#1
Member
Snort detector
I saw something show up in my snort logs the other day. It was labeled as snort detector but didn't have any futher details about it. I am guessing it is some type of snort sniffer. Has anyone seen this? Do you know what someone might be using to cause this to show up? I am curious about this and would like to find out a little more about it.
Critter
-
January 17th, 2004, 12:34 AM
#2
Each alert will have a msg from one of the rules files which caused it, so simply look it up (grep the rules files) and look at the comments to see what it says.
Most rules also have a reference which is a web page or other resource which describes the type of traffic the rule is targetting. You can look there.
If you still don't know, stick the snort rule msg into google (or newgroups) and see what other people have posted about it
Slarty
-
January 17th, 2004, 02:36 AM
#3
Member
here is a little capture from the snort ids logs.
Date: 01/16 07:03:42
Name: (snort_decoder): T/TCP Detected
Priority: n/a
Type: n/a
IP info: 195.67.18.2:0 -> 68.61.13.128:0
References: none found SID: n/a
Notice no SID reference. I have nothing more to look at?
-
January 17th, 2004, 02:57 AM
#4
Member
Date: 01/14 20:24:14
Name: (snort_decoder): Tcp Options found with bad lengths
Priority: n/a
Type: n/a
IP info: 66.76.62.35:0 -> 68.61.13.128:0
References: none found SID: n/a
Here is another one
-
January 17th, 2004, 03:28 AM
#5
Junior Member
\"Any sufficiently advanced technology is indistinguishable from magic.\" - Arthur C. Clarke
-
January 17th, 2004, 04:53 AM
#6
if u have problems with that you should download this program to help u check for snort detectors.....
you should go on www.downloads.com and search for snort detectors.....
there is program that u need for that
txzzzz.....if u have any questions pm me.....peace out
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|