[Snort-devel] IDS fingerprinting techniques & Snort's FlexRe sponse...
dr at ...40...
Thu Aug 23 09:12:42 EDT 2001
On Wed, 22 Aug 2001 23:06:15 -0400
agetchel at ...358... wrote:
> You don't think it's a big deal if an intruder knows where your IDS
> is placed and what software it's running? Just because a technique hasn't
> been used to break into a network, doesn't mean it's theoretical. I've
> _done_ this in a lab environment to make sure I wasn't talking out of my
> @$$. =)
There is a big difference between knowing where the IDS is and what OS/sw
it is running on and knowing the time-to-live of packets to it.
I'm probably TTL=17 away from you... find me... :-)
More information about the Snort-devel