Snort mailing list archives

RE: Snort + ipchains


From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 1 Dec 2001 18:20:23 -0800 (PST)

On Sat, 1 Dec 2001, Martijn Heemels wrote:

> Erek Adams would say that I need more coffee and it would all become
> clear ;-D

Of course!  All things can be solved with massive amounts of coffee.  ;-)

I think John Berkers had his!  I like his suggestion of:

A: While Snort also sees the packets that the firewall does, if the
exploit that the signature catches requires a connection to be
established, the exploit will never be sent.

The firewall blocks the three-way-handshake process and you never get a
connection, therefore you never get the exploit packet.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net