Snort vs Hunt v1.5
From: Rick Zhong (isc00801@nus.edu.sg)
Date: 10/07/02
From: "Rick Zhong" <isc00801@nus.edu.sg>
To: <focus-ids@securityfocus.com>
Date: Mon, 7 Oct 2002 18:51:57 +0800
hi,
Is snort able to detect ip/ARP hijacking implemented by using Hunt v1.5?
I have this setup:
Host A: Linux 7.3
IP 192.18.10.1 (with telnet server and snort installed)
Host B: Linux 7.3
IP 192.18.10.4 (client to the host A)
Intruder
IP 192.18.10.8 (with snot installed)
It seems the intruder is able to catch all the telnet connections between
host A and host B, however the snort on host A is not able to detect the
intrusion. I am using the default snort rules in the snort package. So are
there any available rules or signatures which can be used to detect this type
of intrusion?
regards,
Rick
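
An added example, not part of the original post and not code from Snort or Hunt: one way to notice ARP hijacking of the kind asked about is to track the IP-to-MAC bindings carried in ARP packets and alert when the MAC for a known IP changes. The IPs are hosts A and B from the setup above; the MAC addresses, the packet bytes and all function and class names are constructed for illustration.

```python
import socket
import struct

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed Ethernet/IPv4 ARP payload (sample-data helper)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip) for Ethernet/IPv4 ARP, else None."""
    if len(payload) < 28:
        return None  # truncated
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4
    return op, payload[8:14].hex(":"), socket.inet_ntoa(payload[14:18])

class BindingMonitor:
    """Remembers the first MAC seen for each IP and reports later conflicts."""
    def __init__(self, static=None):
        self.table = dict(static or {})  # optional pre-seeded known-good bindings

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return None
        _op, mac, ip = parsed
        known = self.table.setdefault(ip, mac)
        if known != mac:
            # Keep the original binding so repeated forged replies keep alerting.
            return f"ARP binding change for {ip}: {known} -> {mac}"
        return None

def demo():
    # Constructed MACs: A and B are the two hosts, X is the intruder's card.
    A, B, X = "02:00:00:00:00:01", "02:00:00:00:00:04", "02:00:00:00:00:08"
    frames = [
        build_arp(2, B, "192.18.10.4", A, "192.18.10.1"),  # genuine reply from B
        build_arp(2, A, "192.18.10.1", B, "192.18.10.4"),  # genuine reply from A
        build_arp(2, X, "192.18.10.4", A, "192.18.10.1"),  # forged: B's IP, X's MAC
        b"\x00\x01\x08\x00",                               # truncated, ignored
    ]
    mon = BindingMonitor()
    return [a for a in map(mon.observe, frames) if a]

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a live host the payloads would come from captured frames with EtherType 0x0806; the capture source is left out here.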