Snort mailing list archives

Re: How does Snort protect itself ?


From: Gary Flynn <flynngn () jmu edu>
Date: Mon, 16 Sep 2002 08:15:27 -0400

WTWork wrote:

Not really sure this is what needs to be done. If you run Snort on a
stealth NIC then it can't be found or tampered with there.

Keep in mind that both Ethereal and the MS Network Monitor had
defects that allowed malicious traffic in the packet stream being 
monitored to subvert the machine doing the sniffing. This type of 
attack wouldn't need an IP address.

That said, I suspect the basic snort engine is less complicated
than an engine needing to decode hundreds of different protocols
down to the individual field levels so there is probably less 
likelihood of undiscovered defects. I don't know if the same can 
be said for plug-ins.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

