Home page logo

snort logo Snort mailing list archives

Re: Tools invisible to SNORT
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 17 Apr 2013 10:04:33 -0400

On Apr 17, 2013, at 9:49 AM, Juan Camilo Valencia <juan.valencia () seguratec com co> wrote:

Hi guys,

I have a question about this, 

is this true?, if yes, how is possible to develop a set of rules to detect the behavior of this tool. 

Note: I hope that Joel help me with the answer,

As usual when a tool comes out that says "We can bypass Snort OMG!", it's 99.9% of the time a misconfiguration on the 
person's side, or something like that.  In this case, Snort catches this traffic with the following alert:


Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]