Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Apps N-Z :: lnx5264.htm

snort bypass using fragroute
17th Apr 2002 [SBWID-5264]

	snort bypass using fragroute


	All versions


	0xcafebabe reported a post by Dug Song, which released  a  tool  on  the
	focus-ids list which totally blindsides Snort :



	His  README.snort  file  contains  several   fragroute   scripts   which
	blindside even the current Snort version in CVS, tested on  RedHat  7.2.
	For example, the latest  wu-ftpd  exploits  run  through  the  one  line
	\"tcp_seg 1 new\" don\'t trigger any Snort alerts at all.


	 Update (25 April 2002)



	Snort 1.8.7beta1 is available at :


	This should correct the issues that fragroute induces.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH