Snort mailing list archives
Re: tippingpoint]
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 17 Oct 2003 09:08:15 -0500
On Fri, 2003-10-17 at 01:52, John Sage wrote:
> And what do you do about traffic that represents unknown exploits? [...] You seem very well prepared to protect yourself against the known...
Sorry guys, I don't want to budge into the middle of this. But I do have to remind everyone that Snort is not the Silver Bullet.

Generally speaking, you cannot *protect* yourself from unknown exploits. However, you can *detect* intrusions using unknown exploits. Snort is primarily an Intrusion Detection System, and as such *can* alert you on intrusions. Not with the stock signatures, but with your custom rules that you created for your network. Snort is just a tool. How you use it is up to you.

I do agree though that Stacheldraht is kinda old. In addition, I've seen false positives with that sig, so I wouldn't rely on it for IPS type stuff or blocking.

Cheers,
Frank