[Snort-devel] Thoughts on threads

Todd Lewis tlewis at ...255...
Mon Apr 30 13:18:00 EDT 2001


On Mon, 30 Apr 2001, Jon Bentley wrote:

> I'm thinking of pre-attack scans.  Not that we do things like this here,
> but I can see that some sites may attempt to implement post-processing
> logic to look for such scans and react accordingly.  Given that the world
> is full of kiddies, the scans are usually a few milliseconds prior to
> the launch, so reordering even a tad causes me concern.

But the network can reorder, and the authors of the script-kiddie-scripts
can reorder their code.  Ergo, isn't any detection code that relies on
delivery order already per se broken?

--
Todd Lewis
tlewis at ...255...





More information about the Snort-devel mailing list