[Snort-devel] Defeating the anti-IDS tools...

agetchel at ...358... agetchel at ...358...
Thu Apr 5 01:31:36 EDT 2001


Hi Todd,
	It would most definitely be optional, like most every feature in
Snort; just another line to comment out in the config file if you don't want
to use it.  Like I said in a previous e-mail, I'm not an expert programmer
in this area, but it won't hurt to give it a shot.  It's sure nice knowing
that some of the best in the business will be combing through it before it
would possibly be included in the codebase, that's for sure. =)  I'll get on
it, tomorrow night, after I read through that draft you sent me before I
left on vacation... =D

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice   502-564-2020x225
E-mail  agetchel at ...358...
Web     http://www.kde.state.ky.us/



> -----Original Message-----
> From: Todd Lewis [mailto:tlewis at ...255...]
> Sent: Thursday, April 05, 2001 1:04 AM
> To: agetchel at ...358...
> Cc: snort-devel at lists.sourceforge.net
> Subject: RE: [Snort-devel] Defeating the anti-IDS tools...
> 
> 
> On Thu, 5 Apr 2001 agetchel at ...358... wrote:
> 
> > I guess, from my
> > point of view, I'm just not hearing any good reasons _not_ 
> to include a
> > postprocessor such as this into Snort.
> 
> As long as its use is optional and it imposes no cost on sites that
> don't use it, then probably no one will object to its being written
> and included.  He who writes the code makes the rules, so show us what
> you've got.
> 
> --
> Todd Lewis
> tlewis at ...255...
> 




More information about the Snort-devel mailing list