Snort mailing list archives
Re: How does Snort protect itself ?
From: "KD Rajkumar" <koderma () hotmail com>
Date: Tue, 10 Sep 2002 01:50:06 +0000
I think it's a splendid idea to have a separate discussion on the manual page on this.
It would be very helpful to get insight from the curators of the program, Marty Roesch et al, on data structures used and other design considerations for protecting Snort itself from being attacked.
From: "Vinay A. Mahadik" <VAMahadik () lbl gov>
To: KD Rajkumar <koderma () hotmail com>
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] How does Snort protect itself ?
Date: Sun, 08 Sep 2002 14:44:42 -0400

KD Rajkumar wrote:

> Hi,
>
> How does Snort protect itself against attacks. If an attacker is trying to take down the IDS itself, is Snort capable of detecting and thwarting it ?

Briefly.. although perhaps not optimized for self-defense, there are mechanisms like 'memcap' (and consequent aggressive pruning, and random nuking of states), and 'timeout' for preprocessors like frag2, stream4. There's '-z est' defense against stick/snot attacks. For evasion attacks, there are dedicated preprocessors and preprocessor options, and some internal source code tweaks like the 1.9.x's pseudo-random FLUSH_POINTs in stream4. These are just pointers and not a complete list..

It would be good to have a separate discussion in the manual about these..

--
Vinay A. Mahadik
Summer Intern
System & Network Security Group
Lawrence Berkeley National Lab
(510) 495 2618