Snort mailing list archives
Re: How does Snort protect itself ?
From: "Vinay A. Mahadik" <VAMahadik () lbl gov>
Date: Sun, 08 Sep 2002 14:44:42 -0400
KD Rajkumar wrote:
Hi,How does Snort protect itself against attacks. If an attacker is trying to take down the IDS itself, is Snort capable of detecting and thwarting it ?
Briefly.. although perhaps not optimized for self-defense, there are mechanisms like 'memcap' (and consequent aggressive pruning, and random nuking of states), and 'timeout' for preprocessors like frag2, stream4. There's '-z est' defense against stick/snot attacks. For evasion attacks, there are dedicated preprocessors and preprocessor options, and some internal source code tweaks like the 1.9.x's pseudo-random FLUSH_POINTs in stream4. These are just pointers and not a complete list.. It would be good to have a separate discussion in the manual about these..
-- Vinay A. Mahadik Summer Intern System & Network Security Group Lawrence Berkeley National Lab (510) 495 2618 ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How does Snort protect itself ? KD Rajkumar (Sep 08)
- Re: How does Snort protect itself ? Vinay A. Mahadik (Sep 08)
- Re: How does Snort protect itself ? twig les (Sep 09)
- <Possible follow-ups>
- RE: How does Snort protect itself ? Semerjian, Ohanes (Sep 10)
- Re: How does Snort protect itself ? Vinay A. Mahadik (Sep 10)
- Re: How does Snort protect itself ? KD Rajkumar (Sep 15)
- Re: How does Snort protect itself ? WTWork (Sep 15)
- Re: How does Snort protect itself ? Gary Flynn (Sep 16)
- Re: How does Snort protect itself ? Ian Macdonald (Sep 17)
- Re: Stealth NIC (Was: How does Snort protect itself ?) Erek Adams (Sep 18)
- Re: How does Snort protect itself ? WTWork (Sep 15)
- Re: How does Snort protect itself ? Vinay A. Mahadik (Sep 08)
- Re: How does Snort protect itself ? KD Rajkumar (Sep 15)
- Re: How does Snort protect itself ? twig les (Sep 10)