Re: Snort Question

2001-11-22 Thread Clay Dillard
Looks like SNORT is picking up on some attack against Compaq's Insight Manager. Insight Manager allows admins to control Compaq desktops, laptops and servers through the IM agent and has a web interface. Check out the articles here http://neworder.box.sk/search.php3?srch=insight+manager . Maybe

RE: Snort Question

2001-11-22 Thread Yiming Gong
That is management-agent-file-read, you can have a look at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0771 -- I want a better life Yiming Gong Senior System Administrator China Telcom [EMAIL PROTECTED] http://security.zz.ha.cn 0086-0371-7934907 > -Original Message- > Fro

RE: Snort Question

2001-11-21 Thread Johnson, David
If you're running v1.8 of Snort, there should be a link in the alert that points to a page on Whitehat or one of a couple other sites that describe the exploit. If you're not seeing this, head over to http://www.whitehats.com/ids/index.html and do a search on the vulnerability. Having said that,

RE: Snort Question

2001-11-21 Thread Chris Eidem
http://www.google.com/search?q=compaq+insight+directory+traversal > -Original Message- > From: Martin Smith [mailto:[EMAIL PROTECTED]] > Sent: Monday, November 19, 2001 12:43 PM > To: [EMAIL PROTECTED] > Subject: Snort Question > > > > I have been getting this alert, but I can't fi

Re: Snort question-follow-up

2001-10-02 Thread Kath
<[EMAIL PROTECTED]> Sent: Monday, October 01, 2001 9:27 AM Subject: Re: Snort question-follow-up > Firewall first, if you had read the docs you would have seen that snort > doesn't see packets dropped by the firewall, so if snort is awfully quiet > your firewall is probably block

RE: Snort question-follow-up

2001-10-01 Thread leon
t the person kindly provided you with (he kind of did your homework for you) mail me off list and I will reprovide it for you. Cheers, Leon -Original Message- From: Claudiu Ionescu [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 1:22 PM To: Security Basics Subject: Re:

re: Snort question

2001-10-01 Thread b. mac
from the test i ran, yes it does... however, i think it depends on which machine snort is running and which machine the firewall software is running on. my slack box is set up to masquerade my LAN as a firewall/gateway using netfilter. i installed snort on this same machine for the test. i then

Re: Snort question

2001-10-01 Thread Kutulu
From: "Michael Kjorling" <[EMAIL PROTECTED]> Sent: Thursday, September 27, 2001 4:06 AM > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I believe not. The firewall code (the rules of which are managed > through ipfwadm/ipchains/iptables depending on your kernel version) is > executing direc

Re: Snort question

2001-10-01 Thread ___cliff rayman___
this is system dependent. i don't believe snort will see the traffic on a linux box, but it will on an openBSD box. i think this is a result of where the promiscuous device is located in the kernel structures. on linux, it is obviously after the firewall code, on openBSD it appears to be before