Snort mailing list archives

Re: run sneeze

From: "Richard Bejtlich" <taosecurity () gmail com>
Date: Tue, 8 Aug 2006 06:10:24 -0400

Jesus Galvez wrote:


"I've never heard of sneeze before, does it establish full session attacks?"

Sneeze just takes the protocol and string of the rules that you indicate and
generates the alert.


Not exactly.  I wouldn't bother using Sneeze, at least for TCP. Ref:

http://marc.theaimsgroup.com/?l=focus-ids&m=110030228225521&w=2

Sincerely,

Richard

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

run sneeze Jesús Gálvez (Aug 07)
- Re: run sneeze Kevin Johnson (Aug 07)
- Re: run sneeze Joel Esler (Aug 07)
  - Re: run sneeze Jesús Gálvez (Aug 08)
    - Re: run sneeze Joel Esler (Aug 08)
    - Re: run sneeze Eric Hines (Aug 08)
- <Possible follow-ups>
- Re: run sneeze Michael Scheidell (Aug 07)
- Re: run sneeze Richard Bejtlich (Aug 08)