Snort mailing list archives
Re: IPS mode for snort
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 12 Jun 2013 12:29:09 -0400
On 6/12/2013 11:00, Mike Miller wrote:
4. If the Bad Guy think's you're actively blacklisting based on IP, they can craft packets to make you go deaf. (Like making sure your Snort box is blocking access to the outside DNS server...because it received a UDP packet that was bad, that it thinks came from the DNS server.)
FWIW: this is where you would white list those external critical systems like
trusted upstream DNS servers ;)
--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- IPS mode for snort Nomad Esst (Jun 04)
- Re: IPS mode for snort Mike Miller (Jun 04)
- Re: IPS mode for snort Nomad Esst (Jun 12)
- Snort slowly Ozgur Karatas (Jun 12)
- Re: Snort slowly Ozgur Karatas (Jun 12)
- Re: Snort slowly waldo kitty (Jun 12)
- Re: Snort slowly Ozgur Karatas (Jun 12)
- Re: IPS mode for snort Nomad Esst (Jun 12)
- Re: IPS mode for snort Mike Miller (Jun 04)
- Re: IPS mode for snort Mike Miller (Jun 12)
- Re: IPS mode for snort waldo kitty (Jun 12)
- Re: IPS mode for snort Nomad Esst (Jun 12)
- Re: IPS mode for snort Nomad Esst (Jun 12)
- Re: IPS mode for snort Mike Miller (Jun 14)