Snort vs Hunt v1.5

From: Rick Zhong (isc00801@nus.edu.sg)
Date: 10/07/02


From: "Rick Zhong" <isc00801@nus.edu.sg>
To: <focus-ids@securityfocus.com>
Date: Mon, 7 Oct 2002 18:51:57 +0800

hi,
Is Snort able to detect IP/ARP hijacking implemented by using Hunt v1.5?

I have this setup:
Host A: Linux 7.3
IP 192.18.10.1 (with telnet server and snort installed)

Host B: Linux 7.3
IP 192.18.10.4 (client to the host A)

Intruder
IP 192.18.10.8 (with snot installed)

It seems the intruder is able to catch all the telnet connections between
host A and host B, however the Snort on host A is not able to detect the
intrusion. I am using the default Snort rules in the Snort package. So are
there any available rules or signatures which can be used to detect this type
of intrusion?

regards,
Rick


