[25097] in bugtraq
Snort exploits
daemon@ATHENA.MIT.EDU (0xcafebabe@hushmail.com)
Wed Apr 17 02:29:10 2002
Message-Id: <200204170307.g3H37CD00821@mailserver2.hushmail.com>
From: 0xcafebabe@hushmail.com
To: bugtraq@securityfocus.com, pen-test@securityfocus.com
Cc: snort-devel@snort.org
Date: Tue, 16 Apr 2002 20:07:12 -0700
I didn't see it posted to these lists, but yesterday Dug Song quietly released a tool on the focus-ids list which totally blindsides Snort - http://www.monkey.org/~dugsong/fragroute/index.html. His README.snort file contains several fragroute scripts which blindside even the current Snort version in CVS, tested on RedHat 7.2. For example, the latest wu-ftpd exploits run through the one line "tcp_seg 1 new" don't trigger any Snort alerts at all.
:( :(
Fragroute is a very powerful new tool. Has anyone found other attacks against Snort with it, or tried it against any other IDS for that matter?
-=+ 0xCafeBabe +=-
Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/
Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
