Bugtraq: Snort exploits

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Snort exploits

From: 0xcafebabe () hushmail com
Date: Tue, 16 Apr 2002 20:07:12 -0700


I didn't see it posted to these lists, but yesterday Dug Song quietly released a tool on the focus-ids list which 
totally blindsides Snort - http://www.monkey.org/~dugsong/fragroute/index.html. His README.snort file contains several 
fragroute scripts which blindside even the current Snort version in CVS, tested on RedHat 7.2. For example, the latest 
wu-ftpd exploits run through the one line "tcp_seg 1 new" don't trigger any Snort alerts at all.
:( :(

Fragroute is a very powerful new tool. Has anyone found other attacks against Snort with it, or tried it against any 
other IDS for that matter?


-=+ 0xCafeBabe +=-




Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

By Date By Thread

Current thread:

Snort exploits 0xcafebabe (Apr 16)
- Re: Snort exploits Dragos Ruiu (Apr 17)
- Re: Snort exploits Chris Green (Apr 24)
- <Possible follow-ups>
- RE: Snort exploits Grimes, Roger (Apr 17)
  - Re: Snort exploits Darren Reed (Apr 18)
- Re: Snort exploits Vern Paxson (Apr 18)