Snort mailing list archives

Re: Can snort detect covert channels?


From: Richard Bejtlich <taosecurity () gmail com>
Date: Sun, 4 Oct 2009 20:24:03 -0400

On Sun, Oct 4, 2009 at 5:58 PM, Mouza Al-Nayeli
<mouza.alnayeli () gmail com> wrote:
It would be really helpful to stop wasting your and my time by sending those types of responses. You are not helping 
anyone here.

You don't own this mailing list nor the snort!


I'm helping because it's clear you 1) didn't read the manual; 2)
didn't read any signatures from snort.org; 3) didn't read any
signatures from emergingthreats.net; 4) didn't read any of the README
files in the Snort distribution.

Snort is probably the best documented open source security project in
the world. It can help you find covert channels but you're not going
to be able to perform this analysis by invoking some magic command you
learned from a Google search or mailing list.

You need fairly intense study and probably coaching to develop the
skills necessary to detect real covert channels.

Your best bet is to read the manual and README files, learn how to use
Snort, experiment for a while, and then return to your covert channel
project in 6-12 months.

Sincerely,

Richard
