Results 1 to 6 of 6

Thread: Snort detector

  1. #1
    Member
    Join Date
    Nov 2003
    Posts
    30

    Snort detector

    I saw something show up in my snort logs the other day. It was labeled as snort detector but didn't have any futher details about it. I am guessing it is some type of snort sniffer. Has anyone seen this? Do you know what someone might be using to cause this to show up? I am curious about this and would like to find out a little more about it.


    Critter

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Each alert will have a msg from one of the rules files which caused it, so simply look it up (grep the rules files) and look at the comments to see what it says.

    Most rules also have a reference which is a web page or other resource which describes the type of traffic the rule is targetting. You can look there.

    If you still don't know, stick the snort rule msg into google (or newgroups) and see what other people have posted about it

    Slarty

  3. #3
    Member
    Join Date
    Nov 2003
    Posts
    30
    here is a little capture from the snort ids logs.

    Date: 01/16 07:03:42
    Name: (snort_decoder): T/TCP Detected
    Priority: n/a
    Type: n/a
    IP info: 195.67.18.2:0 -> 68.61.13.128:0
    References: none found SID: n/a

    Notice no SID reference. I have nothing more to look at?

  4. #4
    Member
    Join Date
    Nov 2003
    Posts
    30
    Date: 01/14 20:24:14
    Name: (snort_decoder): Tcp Options found with bad lengths
    Priority: n/a
    Type: n/a
    IP info: 66.76.62.35:0 -> 68.61.13.128:0
    References: none found SID: n/a

    Here is another one

  5. #5
    Junior Member
    Join Date
    Nov 2003
    Posts
    15
    \"Any sufficiently advanced technology is indistinguishable from magic.\" - Arthur C. Clarke

  6. #6
    if u have problems with that you should download this program to help u check for snort detectors.....

    you should go on www.downloads.com and search for snort detectors.....

    there is program that u need for that
    txzzzz.....if u have any questions pm me.....peace out

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •