This is a discussion on Re: [Snort-users] run sneeze within the Snort forums, part of the System Security and Security Related category.
You will also need to disable stream4 in order to get it to generate the alerts. It does not, of course, create a three-way handshake and TCP sessions that Snort will then detect on.

There is a product called IDS Informer (Blade Software). Using (2) NICs, it establishes the three-way handshakes, etc. prior to the attack.

Best Regards,

Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
--------------------------------------------------
Email: eric.hines@appliedwatch.com
Address: 1095 Pingree Road Suite 213 Crystal Lake, IL 60014
Tel: (877) 262-7593 ext:327
Local: (847) 854-5831
Fax: (847) 854-5106
Web: http://www.appliedwatch.com
--------------------------------------------------
Security Management for the Open Source Enterprise

Joel Esler wrote:
> Thanks. :)
>
> I was mistaken when I said I had never heard of Sneeze. For some reason I was not awake. Of course I have heard of sneeze, however, I don't think it will do you much good.
>
> J
>
> On Tue, Aug 08, 2006 at 09:52:42AM +0200, Jesús Gálvez apparently sent me:
>> Yes, I installed the Perl module and now sneeze works (now I don't
>> have permissions, but this is another story :P).
>> "I've never heard of sneeze before, does it establish full session
>> attacks?"
>> Sneeze just takes the protocol and string of the rules that you
>> indicate and generates the alert.
>> Joel Esler <joel.esler@sourcefire.com> wrote:
>>
>> Looks like you don't have the RawIP Perl Module installed for perl.
>> You should be able to install this through cpan.
>> I've never heard of sneeze before, does it establish full session
>> attacks?
>> J
>
> +---------------------------------------------------------------------+
> Joel Esler Senior Security Consultant 1-706-627-2101
> Sourcefire Security for the /Real/ World -- http://www.sourcefire.com
> Snort - Open Source Network IPS/IDS -- http://www.snort.org
> GPG Key: http://demo.sourcefire.com/jesler.pgp.key
> AIM:eslerjoel YMSG:eslerjoel Gtalk:eslerj
> +---------------------------------------------------------------------+
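The behaviour discussed in the thread above, as an added example that is not part of the original messages and is not Snort or stream4 code: a simplified sensor model showing why a rule-derived packet sent without a handshake raises no alert while session tracking is enforced, and does once it is turned off. The `Pkt` and `Sensor` classes, the addresses, ports and the test string are all constructed for illustration.

```python
# Simplified model, not Snort or stream4 code; every name here is hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # "S", "SA", "A" or "PA"
    payload: bytes = b""

class Sensor:
    def __init__(self, pattern, dport, require_established):
        self.pattern, self.dport = pattern, dport
        self.require_established = require_established
        self.flows = {}  # flow key -> "SYN" | "SYNACK" | "EST"

    def _established(self, p):
        # Direction-independent key so both sides map to one flow.
        key = tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        state = self.flows.get(key)
        if p.flags == "S" and state is None:
            self.flows[key] = "SYN"
        elif p.flags == "SA" and state == "SYN":
            self.flows[key] = "SYNACK"
        elif p.flags in ("A", "PA") and state == "SYNACK":
            self.flows[key] = "EST"
        return self.flows.get(key) == "EST"

    def inspect(self, p):
        # True when this packet would raise an alert.
        established = self._established(p)
        if self.require_established and not established:
            return False  # no tracked session: payload is never matched
        return p.dport == self.dport and self.pattern in p.payload

def count_alerts(sensor, packets):
    return sum(sensor.inspect(p) for p in packets)

# Constructed sample traffic (addresses, ports and string are made up).
PATTERN = b"constructed-test-string"
DATA = Pkt("10.0.0.5", 40000, "10.0.0.9", 80, "PA", b"GET /" + PATTERN)
LONE = [DATA]  # rule-derived packet sent with no handshake
SESSION = [
    Pkt("10.0.0.5", 40000, "10.0.0.9", 80, "S"),
    Pkt("10.0.0.9", 80, "10.0.0.5", 40000, "SA"),
    Pkt("10.0.0.5", 40000, "10.0.0.9", 80, "A"),
    DATA,
]
```

When validating a sensor with stateless test traffic, a silent result under session tracking therefore says nothing about whether the rule itself matches; compare against a run that completes the handshake.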