[Snort-users] Idea for a Denial of Service against Snort

Andrea Barisani lcars at ...96...
Thu Jul 20 05:56:14 EDT 2000


Recently I was thinking about a denial of service against machine that are
using snort and I came up with this strange idea.

If i create a set of scripts or a program that would read a snort rules
file and would flood some host with all the packets that matchs the
entries of that rules-file I can create a LOT of work for the logging
system of snort. I guess that flooding for just a minute could cause
several problems even on fast machines.
I have not yet test that, mainly because I haven't the time to build the
program but I wonder if there is someone who wants to try that.

Maybe could be useful an option in snort that limits the rate of events
logged per second...

What do you think?


INFIS Network Administrator & Security Officer
Department of Physics       - University of Trieste
lcars at ...96... - PGP Key 0x8E21FE82
"How would you know I'm mad?" said Alice.
"You must be,'said the Cat,'or you wouldn't have come here."

More information about the Snort-users mailing list