Snort exploits?

Data that travels over the air and how to protect (or decipher) it

Snort exploits?

Post by gamerfreak1727 on Fri Aug 08, 2008 3:47 pm
([msg=9121]see Snort exploits?[/msg])

Are there any known exploits or ways to get into a snort-protected box? I have been asked by a local company to break through their firewall on their server, and have little time to prepare. Any comments and advice will be useful. Here is the information that they provided me:

Server: IIS 6.0
Very large intranet
IT tech used "Snort for Dummies" to set up the app, but is confident that it is fool proof.

Thanks,
Gamerfreak1727
gamerfreak1727
New User
New User
 
Posts: 5
Joined: Fri Jun 06, 2008 11:08 pm
Blog: View Blog (0)


Re: Snort exploits?

Post by beagle on Mon Aug 11, 2008 11:57 am
([msg=9372]see Re: Snort exploits?[/msg])

Does it have autoshun enabled?
011000100110010101100001011001110110110001100101
beagle
Poster
Poster
 
Posts: 244
Joined: Wed Jul 02, 2008 2:37 pm
Location: Chico, CA
Blog: View Blog (0)


Re: Snort exploits?

Post by gamerfreak1727 on Mon Aug 11, 2008 4:54 pm
([msg=9405]see Re: Snort exploits?[/msg])

No, he has not installed the Autoshun plugin.
gamerfreak1727
New User
New User
 
Posts: 5
Joined: Fri Jun 06, 2008 11:08 pm
Blog: View Blog (0)


Re: Snort exploits?

Post by beagle on Mon Aug 11, 2008 6:48 pm
([msg=9420]see Re: Snort exploits?[/msg])

Darn.
011000100110010101100001011001110110110001100101
beagle
Poster
Poster
 
Posts: 244
Joined: Wed Jul 02, 2008 2:37 pm
Location: Chico, CA
Blog: View Blog (0)


Re: Snort exploits?

Post by gamerfreak1727 on Mon Aug 11, 2008 7:25 pm
([msg=9422]see Re: Snort exploits?[/msg])

If he did, what would I be able to do?
gamerfreak1727
New User
New User
 
Posts: 5
Joined: Fri Jun 06, 2008 11:08 pm
Blog: View Blog (0)


Re: Snort exploits?

Post by beagle on Tue Aug 12, 2008 9:29 am
([msg=9444]see Re: Snort exploits?[/msg])

You could spoof your IP address and block it's communication to any system you wanted. For example, say you wanted to block my computer from it's computer. You could spoof my IP and have it block me by attacking it. It then blocks my system, thinking that I am attacking it.
You can do this with name servers, too. That could really mess up a server, if you blocked communication with it's name server.
I'm pretty sure you could also block it's loopback address (127.0.0.1). If you spoofed you IP and attacked the server, and your spoofed IP was 127.0.0.1, you could block itself from itself. Ouch.
Hope this was helpful.
011000100110010101100001011001110110110001100101
beagle
Poster
Poster
 
Posts: 244
Joined: Wed Jul 02, 2008 2:37 pm
Location: Chico, CA
Blog: View Blog (0)


Re: Snort exploits?

Post by gamerfreak1727 on Tue Aug 12, 2008 1:51 pm
([msg=9466]see Re: Snort exploits?[/msg])

Lol, that's awesome. I wish he would have installed it now... :lol:
gamerfreak1727
New User
New User
 
Posts: 5
Joined: Fri Jun 06, 2008 11:08 pm
Blog: View Blog (0)


Re: Snort exploits?

Post by gamerfreak1727 on Wed Aug 13, 2008 9:30 pm
([msg=9645]see Re: Snort exploits?[/msg])

Any more ideas?
gamerfreak1727
New User
New User
 
Posts: 5
Joined: Fri Jun 06, 2008 11:08 pm
Blog: View Blog (0)


Re: Snort exploits?

Post by beagle on Thu Aug 14, 2008 11:52 am
([msg=9672]see Re: Snort exploits?[/msg])

gamerfreak1727 wrote:Any more ideas?

No, I'm afraid that's it. I'm no expert on IDS systems.
011000100110010101100001011001110110110001100101
beagle
Poster
Poster
 
Posts: 244
Joined: Wed Jul 02, 2008 2:37 pm
Location: Chico, CA
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests