[Snort-devel] IDS fingerprinting techniques & Snort's FlexRe sponse...

Dragos Ruiu dr at ...40...
Thu Aug 23 09:12:42 EDT 2001


On Wed, 22 Aug 2001 23:06:15 -0400
agetchel at ...358... wrote:
> 	You don't think it's a big deal if an intruder knows where your IDS
> is placed and what software it's running?  Just because a technique hasn't
> been used to break into a network, doesn't mean it's theoretical.  I've
> _done_ this in a lab environment to make sure I wasn't talking out of my
> @$$. =)

There is a big difference between knowing where the IDS is and what OS/sw
it is running on and knowing the time-to-live of packets to it.

I'm probably TTL=17 away from you... find me...  :-)

cheers,
--dr




More information about the Snort-devel mailing list