Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps N-Z :: lnx5264.htm

snort bypass using fragroute



17th Apr 2002 [SBWID-5264]
COMMAND

	snort bypass using fragroute

SYSTEMS AFFECTED

	All versions

PROBLEM

	0xcafebabe reported a post by Dug Song, which released  a  tool  on  the
	focus-ids list which totally blindsides Snort :
	

	http://www.monkey.org/~dugsong/fragroute/index.html

	

	

	His  README.snort  file  contains  several   fragroute   scripts   which
	blindside even the current Snort version in CVS, tested on  RedHat  7.2.
	For example, the latest  wu-ftpd  exploits  run  through  the  one  line
	\"tcp_seg 1 new\" don\'t trigger any Snort alerts at all.

SOLUTION

	 Update (25 April 2002)

	 ======

	

	Snort 1.8.7beta1 is available at :
	

	http://www.snort.org/dl/beta/snort-1.8.7beta1.tar.gz.

	

	This should correct the issues that fragroute induces.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH