Snort mailing list archives

Re: How does Snort protect itself ?


From: "Vinay A. Mahadik" <VAMahadik () lbl gov>
Date: Tue, 10 Sep 2002 20:03:11 -0400

Hey Guys,

I think KDR wanted to know how Snort uses anti-evasion mechanisms, not how it can be secured against buffer-overflows or DoS and the like. The things that I mentioned (memcap, timeouts, '-z est', randomized stream4's flush-points, etc.) are some clues. It's an interesting question, and if you have experience with the source please do pour in your finds.

Thanks,
Vinay.

Semerjian, Ohanes wrote:

I agree 100% with twig les, best way to protect the sensor is by hardening
the OS (install only minimum required packages for the sensor to function),
apply patches, close all ports and leave only what's required, use an IP-less
interface and one admin interface which you could ssh to connect to it, run
file integrity tools like AIDE (similar to Tripwire but it's free).
Best Regards

Ohanes Semerjian

PGP kEY 6604 2A46 E64F BEBF A4B7 9D01 9E08 399C 9D45 3254






