[Snort-devel] Re: Re: Snort exploits

0xcafebabe at ...1273... 0xcafebabe at ...1273...
Wed Apr 17 20:15:03 EDT 2002


On Wed, 17 Apr 2002 04:07:31 +0000, Dragos Ruiu <dr at ...40...> wrote:

>Basically all the chaffing at the IP and TCP level is detectable as those 
>should not be normal conditions. Look to snort cvs over the next few days
>for solutions to these issues...

That's good to know. But why has it taken 3 months to fix? I wonder what I've been missing during those 3 months. :(

>But using fairly loaded terms like "blindside" is just excessively alarmist imho.

*All* the attacks he lists still work against Snort 1.8.3 through the current version in CVS, except for one, and maybe I'm running it wrong. I literally get *no* alerts for any of the TCP-based attacks, I wouldn't call that "near-sighted" ;)


-=+ 0xCafeBabe! +=-


Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople





More information about the Snort-devel mailing list