Snort mailing list archives
RE: How does Snort protect itself ?
From: "Semerjian, Ohanes" <Semerjian.Ohanes () wcom com au>
Date: Wed, 11 Sep 2002 08:06:09 +0800
I agree 100% with twig les, best way to protect the sensor is by hardening the OS (install only minimum required packages for the sensor to function), apply patches, close all ports and leave only what's required, use IPless interface and one admin interface which you could ssh to connect to it, run file integrity tools like AID (similar to Tripwire but it's free).

Best Regards
Ohanes Semerjian
PGP key 6604 2A46 E64F BEBF A4B7 9D01 9E08 399C 9D45 3254

-----Original Message-----
From: twig les [mailto:twigles () yahoo com]
Sent: Tuesday, 10 September 2002 13:43
To: Vinay A. Mahadik; KD Rajkumar
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] How does Snort protect itself ?

I wouldn't use snort to protect the sensor. On top of what V. wrote, Snort protects *itself* by running as a normal user with no shell, and by not using shoddy programming (no buffer overflows on bugtraq :). Using Snort to protect your sensor is like using the back of a screwdriver as a hammer. It would be a better idea to do the traditional grunt work of hardening the OS by pruning useless services, patching it, and firewalling it.

--- "Vinay A. Mahadik" <VAMahadik () lbl gov> wrote:

> KD Rajkumar wrote:
> > Hi, How does Snort protect itself against attacks. If an attacker is
> > trying to take down the IDS itself, is Snort capable of detecting and
> > thwarting it?
>
> Briefly.. although perhaps not optimized for self-defense, there are
> mechanisms like 'memcap' (and consequent aggressive pruning, and random
> nuking of states), and 'timeout' for preprocessors like frag2, stream4.
> There's '-z est' defense against stick/snot attacks. For evasion attacks,
> there are dedicated preprocessors and preprocessor options, and some
> internal source code tweaks like the 1.9.x's pseudo-random FLUSH_POINTs
> in stream4. These are just pointers and not a complete list.. It would be
> good to have a separate discussion in the manual about these..
>
> --
> Vinay A. Mahadik
> Summer Intern
> System & Network Security Group
> Lawrence Berkeley National Lab
> (510) 495 2618
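
A simplified model of the 'memcap' and 'timeout' pruning mentioned in the quoted reply, added here as an example; it is not part of the original thread and is not Snort's own code. The class, function and parameter names and the sample flows are constructed for illustration.

```python
import random

class StateTable:
    """Toy per-flow state store bounded by a memory cap (hypothetical model)."""

    def __init__(self, memcap, timeout, seed=None):
        self.memcap = memcap        # max bytes of tracked state
        self.timeout = timeout      # seconds of inactivity before a state expires
        self.used = 0
        self.states = {}            # flow key -> (last_seen, size)
        self.rng = random.Random(seed)
        self.pruned_timeout = 0
        self.pruned_random = 0

    def _drop(self, key):
        self.used -= self.states.pop(key)[1]

    def track(self, key, now, size):
        """Record `size` bytes of state for flow `key` seen at time `now`."""
        if key in self.states:
            self._drop(key)
        self.states[key] = (now, size)
        self.used += size
        if self.used > self.memcap:
            self._prune(now, keep=key)

    def _prune(self, now, keep):
        # 1) Timeout pass: expire flows idle longer than `timeout`.
        for k in [k for k, (seen, _) in self.states.items()
                  if now - seen > self.timeout and k != keep]:
            self._drop(k)
            self.pruned_timeout += 1
        # 2) Still over the cap: evict random victims, so a flooder cannot
        #    predict or choose which flow the sensor forgets.
        while self.used > self.memcap and len(self.states) > 1:
            victim = self.rng.choice([k for k in self.states if k != keep])
            self._drop(victim)
            self.pruned_random += 1


def simulate_flood(memcap=64_000, timeout=30, flows=5_000, seed=1):
    """Constructed input: one flow of interest, then a flood of bogus flows."""
    table = StateTable(memcap, timeout, seed)
    table.track(("10.0.0.5", 1025, "10.0.0.9", 80), now=0, size=512)
    peak = 0
    for i in range(flows):
        table.track(("198.51.100.7", i, "10.0.0.9", 80), now=1 + i * 0.001, size=512)
        peak = max(peak, table.used)
    return table, peak
```

However many bogus flows arrive, tracked state never exceeds the cap, which is the property that keeps a state-exhaustion flood from taking the sensor process down.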