[Snort-devel] Inter-Sensor Communication? (long)

Frank Knobbe FKnobbe at ...339...
Sun May 20 14:54:55 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Fyodor [mailto:fygrave at ...1...]
> Sent: Sunday, May 20, 2001 1:44 PM
> 
> Or use UDP as underlying protocol? Less reliable but no need
> to keep track of 19^2 connections. Some 3DES crypto,
> timestamps and DSA signatures would solve the problems with
> sniffing/spoofing and replaying attacks.

You mean as broadcasts? Would work, but I think reliability would be
desired. If you'd use directed packets, you still have 19^2 packets
floating around. I think the question is, should inter-sensor
communication be implemented in a mesh (mess?), or by utilizing a
master/controller host? (This is assuming that all sensors see the
traffic and respond, as in worst-case. If only one sensor responds,
it would be only 19 packets/conns)

Regards,
Frank


PS: I'm gonna unhook from this thread as I have my hands full with my
plug-in. Once Mike has a Win32 port of 1.8, my code will be tested
and released. But if anyone wants to use the TwoFish routines today,
please email me offline.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOwgS/pytSsEygtEFEQLCLQCgweEUe4DaGPpViTNZEa1aUGPfmkEAoNKT
0L0lI2oZJHRHUZzvRyhMEWc/
=aRUD
-----END PGP SIGNATURE-----




More information about the Snort-devel mailing list