Snort mailing list archives
Re: run sneeze
From: "Richard Bejtlich" <taosecurity () gmail com>
Date: Tue, 8 Aug 2006 06:10:24 -0400
Jesus Galvez wrote:
"I've never heard of sneeze before, does it establish full session attacks?" Sneeze just takes the protocol and string of the rules that you indicate and generates the alert.
Not exactly. I wouldn't bother using Sneeze, at least for TCP. Ref: http://marc.theaimsgroup.com/?l=focus-ids&m=110030228225521&w=2 Sincerely, Richard ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- run sneeze Jesús Gálvez (Aug 07)
- Re: run sneeze Kevin Johnson (Aug 07)
- Re: run sneeze Joel Esler (Aug 07)
- Re: run sneeze Jesús Gálvez (Aug 08)
- Re: run sneeze Joel Esler (Aug 08)
- Re: run sneeze Eric Hines (Aug 08)
- Re: run sneeze Jesús Gálvez (Aug 08)
- <Possible follow-ups>
- Re: run sneeze Michael Scheidell (Aug 07)
- Re: run sneeze Richard Bejtlich (Aug 08)