Snort mailing list archives

RE: options for consideration


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Tue, 22 Apr 2003 16:28:07 -0400

Other than the various "attack response" rules that Snort already uses, I
don't really think that an additional feature is feasible/possible.  How
would Snort know that an attack succeeded?  

Snort only monitors the actual traffic on a wire, not processes on any
particular network node.  The best it could do would be to see some type of
response from the compromised network device.  Hence the "attack response"
rules.  

My two cents... 

- Christopher


-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Tuesday, April 22, 2003 3:49 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] options for consideration


What are the possibilities of implementing an additional feature into snort
that would inform the user if an attack was successful or not?  
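
The point made in the reply, that Snort can only see a response coming back from the affected host, can be turned into a rough triage aid by pairing each attack alert with a later "attack response" alert flowing in the opposite direction. The script below is an added example, not part of the original thread or of Snort itself; the sample alert lines, the `ATTACK-RESPONSES` message prefix, the assumed year and the 5-second window are assumptions, and a matched pair only means a response was observed on the wire, not that the host's state was verified.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Snort "fast" alert format; addresses, sids and times are illustrative.
SAMPLE_ALERTS = """\
04/22-15:49:01.100000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:34567 -> 10.0.0.5:80
04/22-15:49:01.350000  [**] [1:1292:7] ATTACK-RESPONSES directory listing [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.0.2.10:34567
04/22-15:52:10.000000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.77:40000 -> 10.0.0.6:80
"""

RESPONSE_PREFIX = "ATTACK-RESPONSES"  # assumption: response rules share this msg prefix
ASSUMED_YEAR = "2003"                 # fast alerts carry no year; assumed for parsing

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] "
    r"(?P<msg>.*?) \[\*\*\].*\{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
)

def parse_alerts(text):
    """Yield one dict per well-formed fast-alert line; other lines are skipped."""
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["time"] = datetime.strptime(
                ASSUMED_YEAR + "/" + alert["ts"], "%Y/%m/%d-%H:%M:%S.%f")
            yield alert

def correlate(text, window=timedelta(seconds=5)):
    """Return (attack, response) pairs: response goes victim -> attacker within window."""
    attacks, pairs = [], []
    for alert in parse_alerts(text):
        if not alert["msg"].startswith(RESPONSE_PREFIX):
            attacks.append(alert)
            continue
        for atk in attacks:
            reversed_flow = (atk["src"], atk["dst"]) == (alert["dst"], alert["src"])
            if reversed_flow and timedelta(0) <= alert["time"] - atk["time"] <= window:
                pairs.append((atk, alert))
    return pairs

if __name__ == "__main__":
    for atk, resp in correlate(SAMPLE_ALERTS):
        print(f"{atk['dst']}: '{atk['msg']}' from {atk['src']} followed by '{resp['msg']}'")
```
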

