Snort mailing list archives

Re: Can snort detect covert channels?


From: Mouza Al-Nayeli <mouza.alnayeli () gmail com>
Date: Sun, 4 Oct 2009 22:06:00 +0400

Thanks Jeff. Then, I'll start looking at the malware detection signatures
for any behavior similarities.

Those kinds of responses are very much welcome :)


2009/10/4 Jeff Kell <jeff-kell () utc edu>

Well, if it could detect them, they wouldn't be "covert" now, would they?
 :-)

It does however detect a number of "esoteric" channels, provided the
signatures for them.  In fact, a "large number" of signatures focus on such
traffic for malware detection.  Granted it is a reactive response at that
point, but the focus is on detection (IDS) rather than prevention (IPS).

Jeff




-- 
Mouza A. Al-Nayeli
-----------------------------------------------
There comes a time when the mind takes a higher plane of knowledge but can
never prove how it got there