Snort mailing list archives
frag3_engine policy in heterogeneous env.
From: chris ryan <chris.ryan () gmx de>
Date: Wed, 25 Jun 2008 14:32:34 +0200
Hi,

as far as I understand, the policies "emulate" the target host OS defragmentation to avoid an evasion of the IDS. For now, we have a very heterogeneous environment and cannot map the subnets to specific operating systems. In effect, the "bind-to" combined with "policy xyz" is not applicable. So, my guess is, I have to use one frag3_engine policy for all the traffic (with possible evasion side effect to IDS). The default engine is "BSD". Is "BSD" a good choice for such a heterogeneous environment?

Thanks in advance,
Chris.
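The evasion concern raised in the question above, as an added example that is not part of the original post and is not Snort's code: a simplified Python model of two of frag3's policies, `first` and `last`, showing that one constructed fragment stream reassembles to different payloads depending on the policy. The fragment tuples, function names and sample bytes are assumptions, and OS-specific policies such as BSD have more detailed overlap rules than are modelled here.

```python
# Added illustration; simplified model, not Snort's frag3 implementation.
# Assumption: a fragment is (byte_offset, data), listed in arrival order.

def reassemble(fragments, policy):
    """Rebuild a datagram, resolving overlaps by 'first' or 'last' policy."""
    if policy not in ("first", "last"):
        raise ValueError("only 'first' and 'last' are modelled")
    buf = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            # 'first' keeps the byte that arrived earlier; 'last' overwrites it.
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    if sorted(buf) != list(range(len(buf))):
        raise ValueError("datagram has a hole")
    return bytes(buf[i] for i in range(len(buf)))


def conflicts(fragments):
    """Byte positions where overlapping fragments carry different data."""
    seen, bad = {}, set()
    for offset, data in fragments:
        for i, byte in enumerate(data):
            if seen.setdefault(offset + i, byte) != byte:
                bad.add(offset + i)
    return sorted(bad)


# Constructed sample: the third fragment overlaps the first two.
SAMPLE = [(0, b"A" * 16), (16, b"B" * 8), (8, b"C" * 16)]

if __name__ == "__main__":
    for policy in ("first", "last"):
        print(policy, reassemble(SAMPLE, policy))
    # Any conflicting overlap means the result depends on the policy,
    # so the overlap itself is worth alerting on.
    print("conflicting bytes:", conflicts(SAMPLE))
```

When a sensor's single policy differs from a given host's behaviour, the sensor inspects one of these payloads while the host processes the other; a stream with no conflicting overlaps reassembles identically under both policies.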
Current thread:
- frag3_engine policy in heterogeneous env. chris ryan (Jun 25)
- Re: frag3_engine policy in heterogeneous env. Bachelor, Stephen A CTR USSOCOM HQ (Jun 25)