snort-inline-users

[Snort-inline-users] client-side attack

[Pom P. <pom...@gm...>]

Hello!
Iv'e just installed snort-inline 2.6.1 on my linux bridge, and changed all
the rules to 'drop'.

I used metasploit 3.0 in order to test snort's abilities.
snort  drops many attacks successfully, but when I use client-side attacks
(which exploits vulnerability in the browser) it fails to stop them.
I used the default snort-inline.conf file.

why snort-inline doesn't drop the attacks?

thanks

Re: [Snort-inline-users] client-side attack

[Will M. <wil...@gm...>]

Set flow_depth 0 in your http_inspect configuration.

Regards,

Will

On 5/21/07, Pom Padir <pom...@gm...> wrote:
>
> Hello!
> Iv'e just installed snort-inline 2.6.1 on my linux bridge, and changed all
> the rules to 'drop'.
>
> I used metasploit 3.0 in order to test snort's abilities.
> snort  drops many attacks successfully, but when I use client-side attacks
>
> (which exploits vulnerability in the browser) it fails to stop them.
> I used the default snort-inline.conf file.
>
> why snort-inline doesn't drop the attacks?
>
> thanks
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>
>

Re: [Snort-inline-users] client-side attack

[Pom P. <pom...@gm...>]

Hi,
I changed the flow_depth to 0, but it didn't work...
snort-inline still doesn't drop the attack or log it.
any suggestions?

thanks.

On 5/21/07, Will Metcalf <wil...@gm...> wrote:
>
> Set flow_depth 0 in your http_inspect configuration.
>
> Regards,
>
> Will
>
> On 5/21/07, Pom Padir <pom...@gm... > wrote:
>
> > Hello!
> > Iv'e just installed snort-inline 2.6.1 on my linux bridge, and changed
> > all the rules to 'drop'.
> >
> > I used metasploit 3.0 in order to test snort's abilities.
> > snort  drops many attacks successfully, but when I use client-side
> > attacks
> > (which exploits vulnerability in the browser) it fails to stop them.
> > I used the default snort-inline.conf file.
> >
> > why snort-inline doesn't drop the attacks?
> >
> > thanks
> >
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Snort-inline-users mailing list
> > Sno...@li...
> > https://lists.sourceforge.net/lists/listinfo/snort-inline-users
> >
> >
>