Dailydave mailing list archives
Snorty snort snort
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 19 Oct 2005 06:32:17 -0400
I remember bugging Marty about how Sourcefire boxes wern't running grsecurity. He was like "Why would we do that?" But it sure would save them a lot of money right about now. :>
Not that he cares. He's in Aruba right now getting fed grapes from cheerleaders or something.
This is something that's interesting about Snort - the preprocessors have to get written, and written really quickly. They have to put out a fast SMB and MSRPC preprocessor in less time than it takes the more mature IDS teams to QA their monthly patches. Games of catch-up are always great for producing buggy code. :> Do the other IDS's run on hardened boxes? Cause this sort of thing is humiliating, and it keeps happening.
-dave
Current thread:
- Snorty snort snort Dave Aitel (Oct 19)
- <Possible follow-ups>
- RE: Snorty snort snort Aleksander P. Czarnowski (Oct 19)
- Re: Snorty snort snort Rodney Thayer (Oct 19)
- RE: Snorty snort snort Aleksander P. Czarnowski (Oct 19)
- Re: Snorty snort snort Rodney Thayer (Oct 19)
- RE: Snorty snort snort Aleksander P. Czarnowski (Oct 19)
- RE: Snorty snort snort Aleksander P. Czarnowski (Oct 19)