Snort mailing list archives

Re: Can snort detect covert channels?


From: Mouza Al-Nayeli <mouza.alnayeli () gmail com>
Date: Sun, 4 Oct 2009 20:05:13 +0400

Thanks, Richard, for the encouraging response. This is my first time using
Snort, and if there is no chance that it might help me in my work, then I
wouldn't bother myself looking through the tons of documentation.

The mailing list's purpose is to provide help, and anyone who is
not willing to do so shall not reply.

2009/10/4 Richard Bejtlich <taosecurity () gmail com>

On Sun, Oct 4, 2009 at 11:04 AM, Mouza Al-Nayeli
<mouza.alnayeli () gmail com> wrote:
Hello Nigel

TCP/IP header covert channels, ICMP covert channels, DNS covert channels,
packet sorting covert channels.


Hello,

I think this is a silly question.  Of all the possible systems you
could use, Snort is probably the easiest to evaluate.  The rules are
open, the code is open, great documentation is included with the
distribution... are you trying to get someone to do your homework for
you?

Sincerely,

Richard




-- 
Mouza A. Al-Nayeli
-----------------------------------------------
There comes a time when the mind takes a higher plane of knowledge but can
never prove how it got there