Snort mailing list archives
covert channel detection?
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Mon, 6 Aug 2001 14:10:56 -0400
I'm still using Snort 1.7 on Linux and plan to upgrade to 1.8 soon. I was wondering if 1.8 adds any capability to detect covert channels (either icmp or http)? Or does anyone out there use any custom rules for this? Or is it expected that trojan detection will suffice in catching covert channels? Thanks, Paul _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- covert channel detection? Sheahan, Paul (PCLN-NW) (Aug 06)
- Re: covert channel detection? Chris Green (Aug 06)
- Re: covert channel detection? Hugh Fraser (Aug 07)
- Re: covert channel detection? Ralf Hildebrandt (Aug 07)
- Re: covert channel detection? Hugh Fraser (Aug 07)
- Re: covert channel detection? Chris Green (Aug 06)