[Snort-devel] Snort-snmp

Glenn Mansfield Keeni glenn at ...1085...
Fri Dec 5 17:01:00 EST 2003


Marty/Chris,
  We have checked and cleaned the SnortSnmp code for potential
vulnerabilities [replaced sprintf by snprintf, strcpy by
strncpy, etc.]. The upgrades for the SnortSnmp output plugin
corresponding to Snort versions 2.0.[2-5] are available from
     http://www.cysol.co.jp/contrib/snortsnmp/index.html
  We have also added a throttling mechanism for SNMP alerts.
In case there is a direct or indirect DoS attack on the IDS
system itself, only MAXALERTSINONESEC alerts per second will
be generated. If MAXALERTSINONESEC == 0 this feature is turned
off. (MAXALERTSINONESEC is defined in src/output-plugins/spo_SnmpTrap.c.)

  We will be happy if the source can be folded back into
snort-core. If there is something that remains to be done, please
let us know.

  Thanks and Cheers

        Glenn
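
A sketch of the per-second alert throttle described in the message above, added here as an illustration; it is not the SnortSnmp code. The struct, the function names and the limit of 3 are assumptions; only the MAXALERTSINONESEC name and its "0 turns the feature off" rule come from the post.

```c
#include <stdio.h>
#include <time.h>

/* Assumed value for illustration; the post does not give the real one
 * defined in src/output-plugins/spo_SnmpTrap.c. */
#define MAXALERTSINONESEC 3

/* Hypothetical throttle state, one instance per output plugin. */
typedef struct {
    time_t window;          /* the second currently being counted */
    unsigned int sent;      /* alerts emitted during that second */
    unsigned long dropped;  /* alerts suppressed since start-up */
} alert_throttle;

/* Return 1 if an alert arriving at `now` may be sent, 0 if suppressed. */
int throttle_allow(alert_throttle *t, time_t now, unsigned int max_per_sec)
{
    if (max_per_sec == 0)
        return 1;               /* 0 disables throttling */
    if (now != t->window) {     /* new second (or clock step): reset */
        t->window = now;
        t->sent = 0;
    }
    if (t->sent < max_per_sec) {
        t->sent++;
        return 1;
    }
    t->dropped++;               /* keep a count so suppression is visible */
    return 0;
}

/* Feed n alerts stamped with the same second; return how many passed. */
unsigned int simulate_burst(alert_throttle *t, time_t now,
                            unsigned int n, unsigned int max_per_sec)
{
    unsigned int i, passed = 0;
    for (i = 0; i < n; i++)
        passed += (unsigned int)throttle_allow(t, now, max_per_sec);
    return passed;
}

int main(void)
{
    alert_throttle t = {0, 0, 0};
    /* Constructed input: 10 alerts in one second, as in an alert flood. */
    unsigned int passed = simulate_burst(&t, 1000, 10, MAXALERTSINONESEC);
    printf("sent=%u dropped=%lu\n", passed, t.dropped);
    return 0;
}
```

Keeping a count of suppressed alerts lets the sensor report that throttling occurred, since a flood that hits the limit also hides any genuine alerts arriving in the same second.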
