Snort mailing list archives
Re: How does Snort protect itself ?
From: twig les <twigles () yahoo com>
Date: Tue, 10 Sep 2002 10:34:25 -0700 (PDT)

Not really. My point was that Snort protects Snort well, but not the sensor.

--- KD Rajkumar <koderma () hotmail com> wrote:

> I think you misunderstood my question. I wasn't asking if one could use Snort to protect Snort.
>
> From: twig les <twigles () yahoo com>
> To: "Vinay A. Mahadik" <VAMahadik () lbl gov>, KD Rajkumar <koderma () hotmail com>
> CC: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] How does Snort protect itself ?
> Date: Mon, 9 Sep 2002 20:42:47 -0700 (PDT)
>
> > I wouldn't use snort to protect the sensor. On top of what V. wrote, Snort protects *itself* by running as a normal user with no shell, and by not using shoddy programming (no buffer overflows on bugtraq :). Using Snort to protect your sensor is like using the back of a screwdriver as a hammer. It would be a better idea to do the traditional grunt work of hardening the OS by pruning useless services, patching it, and firewalling it.
> >
> > --- "Vinay A. Mahadik" <VAMahadik () lbl gov> wrote:
> >
> > > KD Rajkumar wrote:
> > >
> > > > Hi, How does Snort protect itself against attacks. If an attacker is trying to take down the IDS itself, is Snort capable of detecting and thwarting it ?
> > >
> > > Briefly.. although perhaps not optimized for self-defense, there are mechanisms like 'memcap' (and consequent aggressive pruning, and random nuking of states), and 'timeout' for preprocessors like frag2, stream4. There's '-z est' defense against stick/snot attacks. For evasion attacks, there are dedicated preprocessors and preprocessor options, and some internal source code tweaks like the 1.9.x's pseudo-random FLUSH_POINTs in stream4. These are just pointers and not a complete list.. It would be good to have a separate discussion in the manual about these..
> > >
> > > --
> > > Vinay A. Mahadik
> > > Summer Intern
> > > System & Network Security Group
> > > Lawrence Berkeley National Lab
> > > (510) 495 2618

=====
Heavy metal made me do it.