On Sat, Jan 19, 2008 at 04:01:17PM +0100, Stefano Zanero wrote:
> [EMAIL PROTECTED] wrote:
>> I set up Snort 2.8.0.1 on Debian 4.0. Everything seems fine except it
>> doesn't raise any TCP alerts. It sees all ICMP traffic and logs
>> all alerts, but none of the TCP alerts. I used Idswakeup to test these
>> rules and none of the alerts are firing. In the Snort forum, there was one
>> thread related to this type of trouble with the 2.6 version. I tested
>> with the -k none option and it didn't help me out.
>
> IDSWakeup is stateless. Snort 2.8 probably ignores the out-of-state
> packets it is producing.
>
> Stefano
>

Ftester on the other hand is stateful:

http://dev.inversepath.com/trac/ftester

but it's kinda old-fashioned now, it's waiting for a decent rewrite. The
concept is still valid though.

Cheers

-- 
Andrea Barisani                             Inverse Path Ltd
Chief Security Engineer                     -----> <--------
<[EMAIL PROTECTED]>                  http://www.inversepath.com
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
       "Pluralitas non est ponenda sine necessitate"
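
The stateless-versus-stateful distinction discussed in this thread, as an added example that is not part of the original messages and is not Snort's or Ftester's code: a simplified Python model of a sensor that inspects payload only on TCP flows whose three-way handshake it has seen. The `FlowTracker` class, the addresses and the test pattern are constructed for illustration.

```python
from collections import namedtuple

# Simplified model of stateful TCP session tracking (assumption: this is an
# illustration of the concept, not how Snort's stream preprocessor is written).
Pkt = namedtuple("Pkt", "src sport dst dport flags payload")

class FlowTracker:
    """Follows the three-way handshake per connection."""

    def __init__(self):
        self.state = {}  # connection key -> SYN_SENT | SYN_RCVD | ESTABLISHED

    @staticmethod
    def _key(p):
        # Same key for both directions of one connection.
        return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def established(self, p):
        """Update state with p; True only if p rides an established flow."""
        k = self._key(p)
        st = self.state.get(k)
        if p.flags == "S" and st is None:
            self.state[k] = "SYN_SENT"
        elif p.flags == "SA" and st == "SYN_SENT":
            self.state[k] = "SYN_RCVD"
        elif p.flags == "A" and st == "SYN_RCVD":
            self.state[k] = "ESTABLISHED"
        elif st == "ESTABLISHED":
            return True
        return False  # handshake packet or out-of-state packet: not inspected

def inspect(packets, needle=b"IDS-TEST-PATTERN"):
    """Payloads a content rule limited to established flows would alert on."""
    tracker = FlowTracker()
    return [p.payload for p in packets
            if tracker.established(p) and needle in p.payload]

C, S = ("10.0.0.5", 40000), ("10.0.0.9", 80)  # constructed client and server
DATA = b"GET /IDS-TEST-PATTERN HTTP/1.0\r\n\r\n"  # constructed test payload

# A stateless tester emits the data packet with no handshake before it.
STATELESS = [Pkt(*C, *S, "PA", DATA)]
# A stateful tester completes the handshake first, then sends the same data.
STATEFUL = [Pkt(*C, *S, "S", b""), Pkt(*S, *C, "SA", b""),
            Pkt(*C, *S, "A", b""), Pkt(*C, *S, "PA", DATA)]

if __name__ == "__main__":
    print("stateless alerts:", len(inspect(STATELESS)))
    print("stateful alerts: ", len(inspect(STATEFUL)))
```

ICMP has no handshake to track, which is consistent with the ICMP alerts in the original report still firing while the TCP ones did not.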
