[Oisf-users] Suricata: fail to detect reverse shell?

James Harrison jharr139 at jhu.edu
Mon Nov 25 03:01:30 UTC 2013


My class team recently set up the Suricata IDS on a test network. Using Metasploit, a reverse shell was obtained through a PDF vulnerability. Suricata saw the PDF transfer, but failed to see the shell open.

We felt that this was not a special attack, and should have been easily detected. Are we wrong to think this? Is there a configuration setting we missed?

Our network is designed so that the IDS is also the gateway into our "internal network". All network traffic with the "outside world" goes through this machine.
