
RE: [Snort-users] snort, nessus and teardrop

From: Svein Erik Søberg <ses(at)antares.no>
Date: Fri Feb 28 2003 - 10:35:12 EST


Thanks for the quick reply.
I'm afraid my original email ended up a little less clear than I had hoped.

However, I made sure that tcpdump captured the full packets. I've also made several captures during the last week, all with the same result.

Just sent the tcpdump file through snort on a w2k machine, again without alerts.

I have to log off for the weekend, so thanks in advance to anyone who bothers answering.

Have a nice weekend,

Svein Erik Søberg

On Fri, 28 Feb 2003, Svein Erik Søberg wrote:

> I have used Nessus to send a Teardrop attack. The resulting packets look


The way you describe it: It seems you ran Nessus, executed that attack, used tcpdump to record it, then replayed it thru Snort. If so, what snaplen was used with tcpdump? It defaults to 68.... Sometimes (most of the time) that's not enough to capture the data needed to trigger rules.

Cheers!



Erek Adams

   "When things get weird, the weird turn pro." H.S. Thompson



Received on Fri Feb 28 10:51:58 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:49:56 EDT

